Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe

Overview

General Information

Sample name:Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe
Analysis ID:1525542
MD5:9ccb17aea35fa5197fcd4d56152c200d
SHA1:16818b455637cf8f15c0e6d93d24ea554f08071f
SHA256:50eae2b11320442a2ac89762a8bac816626850ac2563312a9b421d692fdd8ac2
Tags:DHLexeFormbookuser-abuse_ch
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
AI detected suspicious sample
Check if machine is in data center or colocation facility
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Contains functionality to detect sleep reduction / modifications
Contains functionality to log keystrokes (.Net Source)
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Generic Downloader
Checks if the current process is being debugged
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May check the online IP address of the machine
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "FTP", "Host": "ftp://ftp.elquijotebanquetes.com", "Username": "urchman@elquijotebanquetes.com", "Password": "-GN,s*KH{VEhPmo)+f"}
SourceRuleDescriptionAuthorStrings
00000002.00000002.3474966550.0000000002555000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000002.00000002.3473775659.0000000000502000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000002.00000002.3473775659.0000000000502000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmpJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
            Click to see the 8 entries
            SourceRuleDescriptionAuthorStrings
            0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                  0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                      Click to see the 9 entries
                      No Sigma rule has matched
                      No Suricata rule has matched

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://ftp.elquijotebanquetes.com", "Username": "urchman@elquijotebanquetes.com", "Password": "-GN,s*KH{VEhPmo)+f"}
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeVirustotal: Detection: 31%Perma Link
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeReversingLabs: Detection: 31%
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeJoe Sandbox ML: detected
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                      Source: Binary string: wntdll.pdbUGP source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000003.2262371854.0000000004560000.00000004.00001000.00020000.00000000.sdmp, Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000003.2261403362.0000000004700000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000003.2262371854.0000000004560000.00000004.00001000.00020000.00000000.sdmp, Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000003.2261403362.0000000004700000.00000004.00001000.00020000.00000000.sdmp
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00452126
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose,0_2_0045C999
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose,0_2_00436ADE
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00434BEE
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0045DD7C FindFirstFileW,FindClose,0_2_0045DD7C
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,0_2_0044BD29
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle,0_2_00436D2D
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00442E1F
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_00475FE5
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0044BF8D

                      Networking

                      barindex
                      Source: Yara matchFile source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.RegSvcs.exe.500000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 208.95.112.1 208.95.112.1
                      Source: Joe Sandbox ViewASN Name: TUT-ASUS TUT-ASUS
                      Source: unknownDNS query: name: ip-api.com
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0044289D InternetQueryDataAvailable,InternetReadFile,0_2_0044289D
                      Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                      Source: global trafficDNS traffic detected: DNS query: ip-api.com
                      Source: global trafficDNS traffic detected: DNS query: 198.187.3.20.in-addr.arpa
                      Source: RegSvcs.exe, 00000002.00000002.3474966550.0000000002606000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3474966550.00000000025EC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3474966550.0000000002521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3474966550.00000000025EC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3473775659.0000000000502000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3474966550.0000000002521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ip-api.com/line/?fields=hosting
                      Source: RegSvcs.exe, 00000002.00000002.3474966550.00000000025EC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3474966550.0000000002521000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3473775659.0000000000502000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: https://account.dyn.com/

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      barindex
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, umlRMRbjNqD.cs.Net Code: HekSQQsMT
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0046C5D0 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,0_2_0046C5D0
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00459FFF OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00459FFF
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0046C5D0 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,0_2_0046C5D0
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00456354 GetCursorPos,ScreenToClient,GetAsyncKeyState,GetAsyncKeyState,GetAsyncKeyState,GetWindowLongW,0_2_00456354
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0047C08E SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0047C08E

                      System Summary

                      barindex
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                      Source: 2.2.RegSvcs.exe.500000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 2.2.RegSvcs.exe.500000.0.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                      Source: 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00434D50: GetFullPathNameW,__swprintf,_wcslen,_wcslen,_wcslen,CreateDirectoryW,CreateFileW,_memset,_wcslen,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,0_2_00434D50
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004461ED _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_004461ED
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004364AA
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00409A400_2_00409A40
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004120380_2_00412038
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004271610_2_00427161
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0047E1FA0_2_0047E1FA
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004212BE0_2_004212BE
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004433900_2_00443390
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004433910_2_00443391
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0041A46B0_2_0041A46B
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0041240C0_2_0041240C
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004465660_2_00446566
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004045E00_2_004045E0
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0041D7500_2_0041D750
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004037E00_2_004037E0
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004278590_2_00427859
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004128180_2_00412818
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0040F8900_2_0040F890
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0042397B0_2_0042397B
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00411B630_2_00411B63
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0047CBF00_2_0047CBF0
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0044EBBC0_2_0044EBBC
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00412C380_2_00412C38
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0044ED9A0_2_0044ED9A
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00423EBF0_2_00423EBF
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00424F700_2_00424F70
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0041AF0D0_2_0041AF0D
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_03F146180_2_03F14618
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0098A6E82_2_0098A6E8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_0098D9602_2_0098D960
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00984A882_2_00984A88
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00983E702_2_00983E70
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_009841B82_2_009841B8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_050D25882_2_050D2588
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_050D36402_2_050D3640
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_050D13D82_2_050D13D8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_050D3D282_2_050D3D28
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: String function: 00445975 appears 65 times
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: String function: 0041171A appears 37 times
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: String function: 0041718C appears 45 times
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: String function: 0040E6D0 appears 35 times
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000003.2262518295.000000000482D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000003.2261652315.0000000004683000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilename07823960-0dbd-43bb-aade-b6626acc7f4a.exe0 vs Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                      Source: 2.2.RegSvcs.exe.500000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 2.2.RegSvcs.exe.500000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                      Source: 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, v9Lsz.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, VFo.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, 5FJ0H20tobu.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, NtdoTGO.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, XBsYgp.csCryptographic APIs: 'CreateDecryptor', 'TransformBlock'
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, AwxUa2Na.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, 19C9FfZ.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, 19C9FfZ.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, soCD8XkwU.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, soCD8XkwU.csCryptographic APIs: 'TransformFinalBlock'
                      Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@3/1@2/1
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0044AF5C GetLastError,FormatMessageW,0_2_0044AF5C
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00464422 OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle,0_2_00464422
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004364AA GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004364AA
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0045D517 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode,0_2_0045D517
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0043701F CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,__wcsicoll,CloseHandle,0_2_0043701F
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0047A999 OleInitialize,CLSIDFromProgID,CoCreateInstance,CoInitializeSecurity,_memset,_wcslen,_memset,CoCreateInstanceEx,CoSetProxyBlanket,0_2_0047A999
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0043614F __swprintf,__swprintf,__wcsicoll,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx,0_2_0043614F
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeMutant created: NULL
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeFile created: C:\Users\user\AppData\Local\Temp\resharpenJump to behavior
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: RegSvcs.exe, 00000002.00000002.3474966550.0000000002636000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3474966550.0000000002623000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeVirustotal: Detection: 31%
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeReversingLabs: Detection: 31%
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeFile read: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe "C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe"
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe"
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeSection loaded: wsock32.dllJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeStatic file information: File size 1155483 > 1048576
                      Source: Binary string: wntdll.pdbUGP source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000003.2262371854.0000000004560000.00000004.00001000.00020000.00000000.sdmp, Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000003.2261403362.0000000004700000.00000004.00001000.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000003.2262371854.0000000004560000.00000004.00001000.00020000.00000000.sdmp, Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000003.2261403362.0000000004700000.00000004.00001000.00020000.00000000.sdmp
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0040EB70 LoadLibraryA,GetProcAddress,0_2_0040EB70
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeStatic PE information: real checksum: 0xa2135 should be: 0x129606
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004171D1 push ecx; ret 0_2_004171E4
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeFile created: \aviso de cuenta vencida de dhl - 1606622076_865764325678976645423546567678967564423567890008765.exe
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeFile created: \aviso de cuenta vencida de dhl - 1606622076_865764325678976645423546567678967564423567890008765.exeJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004772DE IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_004772DE
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_004375B0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      barindex
                      Source: Yara matchFile source: Process Memory Space: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe PID: 7316, type: MEMORYSTR
                      Source: global trafficHTTP traffic detected: GET /line/?fields=hosting HTTP/1.1Host: ip-api.comConnection: Keep-Alive
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004440780_2_00444078
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeAPI/Special instruction interceptor: Address: 3F1423C
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3474966550.0000000002606000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3474966550.0000000002555000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3473775659.0000000000502000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeAPI coverage: 3.1 %
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00452126 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00452126
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0045C999 FindFirstFileW,FindNextFileW,FindClose,0_2_0045C999
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00436ADE GetFileAttributesW,FindFirstFileW,FindClose,0_2_00436ADE
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00434BEE FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00434BEE
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0045DD7C FindFirstFileW,FindClose,0_2_0045DD7C
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0044BD29 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,0_2_0044BD29
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00436D2D FindFirstFileW,CreateFileW,SetFileTime,CloseHandle,SetFileTime,CloseHandle,0_2_00436D2D
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00442E1F SetCurrentDirectoryW,FindFirstFileW,SetCurrentDirectoryW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00442E1F
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00475FE5 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_00475FE5
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0044BF8D _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0044BF8D
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0040E470 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_0040E470
                      Source: RegSvcs.exe, 00000002.00000002.3474966550.0000000002555000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                      Source: RegSvcs.exe, 00000002.00000002.3473775659.0000000000502000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: vmware
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000002.2263570035.0000000000C8E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                      Source: RegSvcs.exe, 00000002.00000002.3473775659.0000000000502000.00000040.80000000.00040000.00000000.sdmpBinary or memory string: VMwareVBox
                      Source: RegSvcs.exe, 00000002.00000002.3475825077.00000000057C6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

                      Anti Debugging

                      barindex
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 2_2_00987078 CheckRemoteDebuggerPresent,2_2_00987078
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0045A259 BlockInput,0_2_0045A259
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0040D6D0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,0_2_0040D6D0
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0040EB70 LoadLibraryA,GetProcAddress,0_2_0040EB70
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_03F14508 mov eax, dword ptr fs:[00000030h]0_2_03F14508
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_03F144A8 mov eax, dword ptr fs:[00000030h]0_2_03F144A8
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_03F12E78 mov eax, dword ptr fs:[00000030h]0_2_03F12E78
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00426DA1 CreateFileW,__lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,0_2_00426DA1
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0042202E SetUnhandledExceptionFilter,0_2_0042202E
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004230F5 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004230F5
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00417D93 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00417D93
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00421FA7 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00421FA7
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeSection loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe protection: execute and read and writeJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 3AF008Jump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0043916A LogonUserW,0_2_0043916A
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0040D6D0 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,0_2_0040D6D0
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004375B0 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_004375B0
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00436431 __wcsicoll,mouse_event,__wcsicoll,mouse_event,0_2_00436431
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe"Jump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00445DD3 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,0_2_00445DD3
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeBinary or memory string: Shell_TrayWnd
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeBinary or memory string: @3PDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_00410D10 cpuid 0_2_00410D10
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004223BC GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_004223BC
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004711D2 GetUserNameW,0_2_004711D2
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0040E470 GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_0040E470
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      barindex
                      Source: Yara matchFile source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.RegSvcs.exe.500000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000002.00000002.3473775659.0000000000502000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe PID: 7316, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 7468, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 6, 0USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:cdeclwinapistdcallnonestrwstrintbooluintlongulongdwordshortushortwordbyteubytebooleanfloatdoubleptrhwndhandlelresultlparamwparamint64uint64int_ptruint_ptrlong_ptrulong_ptrdword_ptridispatch64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeBinary or memory string: WIN_XP
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeBinary or memory string: WIN_XPe
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeBinary or memory string: WIN_VISTA
                      Source: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeBinary or memory string: WIN_7
                      Source: Yara matchFile source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.RegSvcs.exe.500000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000002.00000002.3474966550.0000000002555000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000002.00000002.3473775659.0000000000502000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe PID: 7316, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 7468, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Source: Yara matchFile source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe.4240000.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 2.2.RegSvcs.exe.500000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000002.00000002.3473775659.0000000000502000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe PID: 7316, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: RegSvcs.exe PID: 7468, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_004741BB socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_004741BB
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0046483C socket,WSAGetLastError,bind,WSAGetLastError,listen,WSAGetLastError,closesocket,0_2_0046483C
                      Source: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exeCode function: 0_2_0047AD92 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject,0_2_0047AD92
                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire Infrastructure2
                      Valid Accounts
                      221
                      Windows Management Instrumentation
                      1
                      DLL Side-Loading
                      1
                      Exploitation for Privilege Escalation
                      11
                      Disable or Modify Tools
                      1
                      OS Credential Dumping
                      1
                      System Time Discovery
                      Remote Services11
                      Archive Collected Data
                      2
                      Ingress Tool Transfer
                      Exfiltration Over Other Network Medium1
                      System Shutdown/Reboot
                      CredentialsDomainsDefault Accounts1
                      Native API
                      2
                      Valid Accounts
                      1
                      DLL Side-Loading
                      11
                      Deobfuscate/Decode Files or Information
                      121
                      Input Capture
                      1
                      Account Discovery
                      Remote Desktop Protocol1
                      Data from Local System
                      1
                      Encrypted Channel
                      Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)2
                      Valid Accounts
                      2
                      Obfuscated Files or Information
                      Security Account Manager2
                      File and Directory Discovery
                      SMB/Windows Admin Shares1
                      Email Collection
                      2
                      Non-Application Layer Protocol
                      Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook21
                      Access Token Manipulation
                      1
                      DLL Side-Loading
                      NTDS138
                      System Information Discovery
                      Distributed Component Object Model121
                      Input Capture
                      2
                      Application Layer Protocol
                      Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script212
                      Process Injection
                      2
                      Valid Accounts
                      LSA Secrets741
                      Security Software Discovery
                      SSH3
                      Clipboard Data
                      Fallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts22
                      Virtualization/Sandbox Evasion
                      Cached Domain Credentials22
                      Virtualization/Sandbox Evasion
                      VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items21
                      Access Token Manipulation
                      DCSync2
                      Process Discovery
                      Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job212
                      Process Injection
                      Proc Filesystem1
                      Application Window Discovery
                      Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAtHTML Smuggling/etc/passwd and /etc/shadow1
                      System Owner/User Discovery
                      Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                      IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCronDynamic API ResolutionNetwork Sniffing1
                      System Network Configuration Discovery
                      Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand
                      SourceDetectionScannerLabelLink
                      Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe32%VirustotalBrowse
                      Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe32%ReversingLabsWin32.Trojan.GenSteal
                      Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe100%Joe Sandbox ML
                      No Antivirus matches
                      No Antivirus matches
                      SourceDetectionScannerLabelLink
                      ip-api.com0%VirustotalBrowse
                      198.187.3.20.in-addr.arpa1%VirustotalBrowse
                      SourceDetectionScannerLabelLink
                      https://account.dyn.com/0%URL Reputationsafe
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                      http://ip-api.com/line/?fields=hosting0%URL Reputationsafe
                      http://ip-api.com0%URL Reputationsafe
                      NameIPActiveMaliciousAntivirus DetectionReputation
                      ip-api.com
                      208.95.112.1
                      truetrueunknown
                      198.187.3.20.in-addr.arpa
                      unknown
                      unknownfalseunknown
                      NameMaliciousAntivirus DetectionReputation
                      http://ip-api.com/line/?fields=hostingfalse
                      • URL Reputation: safe
                      unknown
                      NameSourceMaliciousAntivirus DetectionReputation
                      https://account.dyn.com/Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3473775659.0000000000502000.00000040.80000000.00040000.00000000.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRegSvcs.exe, 00000002.00000002.3474966550.00000000025EC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3474966550.0000000002521000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      http://ip-api.comRegSvcs.exe, 00000002.00000002.3474966550.0000000002606000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3474966550.00000000025EC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000002.00000002.3474966550.0000000002521000.00000004.00000800.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      unknown
                      • No. of IPs < 25%
                      • 25% < No. of IPs < 50%
                      • 50% < No. of IPs < 75%
                      • 75% < No. of IPs
                      IPDomainCountryFlagASNASN NameMalicious
                      208.95.112.1
                      ip-api.comUnited States
                      53334TUT-ASUStrue
                      Joe Sandbox version:41.0.0 Charoite
                      Analysis ID:1525542
                      Start date and time:2024-10-04 11:19:10 +02:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 5m 46s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Number of analysed new started processes analysed:5
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe
                      Detection:MAL
                      Classification:mal100.troj.spyw.evad.winEXE@3/1@2/1
                      EGA Information:
                      • Successful, ratio: 100%
                      HCA Information:
                      • Successful, ratio: 100%
                      • Number of executed functions: 40
                      • Number of non-executed functions: 311
                      Cookbook Comments:
                      • Found application associated with file extension: .exe
                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                      • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, login.live.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                      • Report size exceeded maximum capacity and may have missing disassembly code.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      No simulations
                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      208.95.112.1enigma.tech.exeGet hashmaliciousBlank GrabberBrowse
                      • ip-api.com/json/?fields=225545
                      POP.jsGet hashmaliciousWSHRATBrowse
                      • ip-api.com/json/
                      gp4uQBDTP8.exeGet hashmaliciousXehook StealerBrowse
                      • ip-api.com/json/?fields=11827
                      dNNMgwxY4f.exeGet hashmaliciousXehook StealerBrowse
                      • ip-api.com/json/?fields=11827
                      kUiqbpzmbo.exeGet hashmaliciousXWormBrowse
                      • ip-api.com/line/?fields=hosting
                      uidiscord.exeGet hashmaliciousAsyncRAT, XWormBrowse
                      • ip-api.com/line/?fields=hosting
                      mitec_purchase_order_PDF (1).vbsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                      • ip-api.com/line/?fields=hosting
                      OXrZ6fj4Hq.exeGet hashmaliciousNeshta, Oski Stealer, StormKitty, SugarDump, Vidar, XWormBrowse
                      • ip-api.com/line/?fields=hosting
                      grace.exeGet hashmaliciousAgentTeslaBrowse
                      • ip-api.com/line/?fields=hosting
                      QfgwKK1Di6.exeGet hashmaliciousXWormBrowse
                      • ip-api.com/line/?fields=hosting
                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      ip-api.comenigma.tech.exeGet hashmaliciousBlank GrabberBrowse
                      • 208.95.112.1
                      POP.jsGet hashmaliciousWSHRATBrowse
                      • 208.95.112.1
                      gp4uQBDTP8.exeGet hashmaliciousXehook StealerBrowse
                      • 208.95.112.1
                      dNNMgwxY4f.exeGet hashmaliciousXehook StealerBrowse
                      • 208.95.112.1
                      kUiqbpzmbo.exeGet hashmaliciousXWormBrowse
                      • 208.95.112.1
                      uidiscord.exeGet hashmaliciousAsyncRAT, XWormBrowse
                      • 208.95.112.1
                      mitec_purchase_order_PDF (1).vbsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                      • 208.95.112.1
                      http://t1.global.clubavolta.com/r/?id=h53ebcb4b,29506a5f,2988ba3e&e=cDE9UkVEX0dMX0xveWFsdHlMYXVuY2hTb2x1cy1OT0NPTS1BTEwtMDExMDIwMjQtMV9YWCZwMj1kNzEwNWE1Zi00NjE3LWVmMTEtOWY4OS0wMDBkM2EyMmNlYTE&s=MLotNdk8aEH7W1636YhgxIdQC5od3UWYqTZw3tm9630Get hashmaliciousUnknownBrowse
                      • 51.77.64.70
                      OXrZ6fj4Hq.exeGet hashmaliciousNeshta, Oski Stealer, StormKitty, SugarDump, Vidar, XWormBrowse
                      • 208.95.112.1
                      grace.exeGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                      TUT-ASUSenigma.tech.exeGet hashmaliciousBlank GrabberBrowse
                      • 208.95.112.1
                      POP.jsGet hashmaliciousWSHRATBrowse
                      • 208.95.112.1
                      gp4uQBDTP8.exeGet hashmaliciousXehook StealerBrowse
                      • 208.95.112.1
                      dNNMgwxY4f.exeGet hashmaliciousXehook StealerBrowse
                      • 208.95.112.1
                      kUiqbpzmbo.exeGet hashmaliciousXWormBrowse
                      • 208.95.112.1
                      uidiscord.exeGet hashmaliciousAsyncRAT, XWormBrowse
                      • 208.95.112.1
                      mitec_purchase_order_PDF (1).vbsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                      • 208.95.112.1
                      OXrZ6fj4Hq.exeGet hashmaliciousNeshta, Oski Stealer, StormKitty, SugarDump, Vidar, XWormBrowse
                      • 208.95.112.1
                      grace.exeGet hashmaliciousAgentTeslaBrowse
                      • 208.95.112.1
                      QfgwKK1Di6.exeGet hashmaliciousXWormBrowse
                      • 208.95.112.1
                      No context
                      No context
                      Process:C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe
                      File Type:data
                      Category:dropped
                      Size (bytes):244736
                      Entropy (8bit):6.661595129398624
                      Encrypted:false
                      SSDEEP:6144:ZgZUtBM0lMUWCc9AO/ITKGOXQ/F9eV/qYYQhJC:DtBvpmWO/ITKw99eV/YQhQ
                      MD5:A7D68845182D6F261D2434DDCB102A26
                      SHA1:8F3E4705AE8F319366DDD22A72136AEE22F9760D
                      SHA-256:74DA8E72C601AA0D25200A1D85FCA023BED963B1A2AFC8BB5CC1B29238C7B825
                      SHA-512:4B0A5F4D6BCCC1E9E919D41EA54E4F5CF4A21F2C0BBF07C2FE0AC83E39127B86B237912F86078AD78BCA631705B389864894615CB3FA1C3DF294D8F7DE9A5EFB
                      Malicious:false
                      Reputation:low
                      Preview:...F502N@ZGO..IP.DBPLQF6p2NDZGOQVIPLDBPLQF602NDZGOQVIPLDBPLQ.602@[.IO._.q.E..m.._C.>65 =0;i3-*,?8q$S.@;*z.!q...l)-4).K;:.NDZGOQV..LD.QOQ...WNDZGOQVI.LFC[MZF6.1NDRGOQVIP.APLqF60.MDZG.QViPLD@PLUF602NDZCOQVIPLDBpHQF402NDZGMQ..PLTBP\QF60"NDJGOQVIP\DBPLQF602ND:.LQ.IPLD.SL.C602NDZGOQVIPLDBPLQF642BDZGOQVIPLDBPLQF602NDZGOQVIPLDBPLQF602NDZGOQVIPLDBPLQf60:NDZGOQVIPLDJpLQ.602NDZGOQVI~8!:$LQF..1NDzGOQ.JPLFBPLQF602NDZGOQvIP,j0#>2F60.KDZG.RVIVLDB.OQF602NDZGOQVI.LD.~>4*YS2NHZGOQVMPLFBPL.E602NDZGOQVIPL.BP.QF602NDZGOQVIPLD.OQF602.DZGMQSI..FB\{PF502NEZGIQVIPLDBPLQF602NDZGOQVIPLDBPLQF602NDZGOQVIPLDBPLQ[.....y.,hC2K.d.+.E.!..#..^.\.7P...K....}2I..I.Ct..X....;.RB6P....z0G H^cEaK;.R....qe6...@X.H...9}.8Ot.m...we....K.....=..'-=b06F\W`.;!.#?.R.EBPLQ........&)..}OK\d^)....pH?....2DBP(QF6B2ND;GOQ.IPL+BPL?F60LNDZ9OQV.PLD.PLQq602kDZG"QVItLDB.LQF.M=A..&"..PLDBPy...._.....f..z5...3~...*....T.._$.5.....>../..X.=Os..EQJUC476MHgI....qN@FUNVB5<.@....p.o.}.. ..a4.&GOQVIP.DB.LQF..2.DZG.Q.I..DBP.F.0.N...O
                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                      Entropy (8bit):7.393804979328512
                      TrID:
                      • Win32 Executable (generic) a (10002005/4) 95.11%
                      • AutoIt3 compiled script executable (510682/80) 4.86%
                      • Generic Win/DOS Executable (2004/3) 0.02%
                      • DOS Executable Generic (2002/1) 0.02%
                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                      File name:Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe
                      File size:1'155'483 bytes
                      MD5:9ccb17aea35fa5197fcd4d56152c200d
                      SHA1:16818b455637cf8f15c0e6d93d24ea554f08071f
                      SHA256:50eae2b11320442a2ac89762a8bac816626850ac2563312a9b421d692fdd8ac2
                      SHA512:bc3123fc6b227a9eb5e108621d127a87c890dc0f9fb83f830c587f1b3bc38c652b1d812d19f820448dd7ada11b9b3d43a8174d383812b8b28ba74735b9d37b48
                      SSDEEP:24576:ffmMv6Ckr7Mny5QLAeERPmJV8ffbgqOF6veftgnWVE:f3v+7/5QLAUEnnagn9
                      TLSH:9B35E152B7D680B6D9A339B1297BE32BEB3575194323C4CBA7E02F778E211005B36761
                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......-...i...i...i.....9.k...`.:.w...`.,.....`.+.P...N%..c...N%..H...i...d...`. ./...w.:.k...w.;.h...i.8.h...`.>.h...Richi..........
                      Icon Hash:1733312925935517
                      Entrypoint:0x416310
                      Entrypoint Section:.text
                      Digitally signed:false
                      Imagebase:0x400000
                      Subsystem:windows gui
                      Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                      DLL Characteristics:TERMINAL_SERVER_AWARE
                      Time Stamp:0x4B93CF87 [Sun Mar 7 16:08:39 2010 UTC]
                      TLS Callbacks:
                      CLR (.Net) Version:
                      OS Version Major:5
                      OS Version Minor:0
                      File Version Major:5
                      File Version Minor:0
                      Subsystem Version Major:5
                      Subsystem Version Minor:0
                      Import Hash:aaaa8913c89c8aa4a5d93f06853894da
                      Instruction
                      call 00007FC6D060A92Ch
                      jmp 00007FC6D05FE6FEh
                      int3
                      int3
                      int3
                      int3
                      int3
                      int3
                      push ebp
                      mov ebp, esp
                      push edi
                      push esi
                      mov esi, dword ptr [ebp+0Ch]
                      mov ecx, dword ptr [ebp+10h]
                      mov edi, dword ptr [ebp+08h]
                      mov eax, ecx
                      mov edx, ecx
                      add eax, esi
                      cmp edi, esi
                      jbe 00007FC6D05FE88Ah
                      cmp edi, eax
                      jc 00007FC6D05FEA2Ah
                      cmp ecx, 00000100h
                      jc 00007FC6D05FE8A1h
                      cmp dword ptr [004A94E0h], 00000000h
                      je 00007FC6D05FE898h
                      push edi
                      push esi
                      and edi, 0Fh
                      and esi, 0Fh
                      cmp edi, esi
                      pop esi
                      pop edi
                      jne 00007FC6D05FE88Ah
                      pop esi
                      pop edi
                      pop ebp
                      jmp 00007FC6D05FECEAh
                      test edi, 00000003h
                      jne 00007FC6D05FE897h
                      shr ecx, 02h
                      and edx, 03h
                      cmp ecx, 08h
                      jc 00007FC6D05FE8ACh
                      rep movsd
                      jmp dword ptr [00416494h+edx*4]
                      nop
                      mov eax, edi
                      mov edx, 00000003h
                      sub ecx, 04h
                      jc 00007FC6D05FE88Eh
                      and eax, 03h
                      add ecx, eax
                      jmp dword ptr [004163A8h+eax*4]
                      jmp dword ptr [004164A4h+ecx*4]
                      nop
                      jmp dword ptr [00416428h+ecx*4]
                      nop
                      mov eax, E4004163h
                      arpl word ptr [ecx+00h], ax
                      or byte ptr [ecx+eax*2+00h], ah
                      and edx, ecx
                      mov al, byte ptr [esi]
                      mov byte ptr [edi], al
                      mov al, byte ptr [esi+01h]
                      mov byte ptr [edi+01h], al
                      mov al, byte ptr [esi+02h]
                      shr ecx, 02h
                      mov byte ptr [edi+02h], al
                      add esi, 03h
                      add edi, 03h
                      cmp ecx, 08h
                      jc 00007FC6D05FE84Eh
                      Programming Language:
                      • [ASM] VS2008 SP1 build 30729
                      • [ C ] VS2008 SP1 build 30729
                      • [C++] VS2008 SP1 build 30729
                      • [ C ] VS2005 build 50727
                      • [IMP] VS2005 build 50727
                      • [ASM] VS2008 build 21022
                      • [RES] VS2008 build 21022
                      • [LNK] VS2008 SP1 build 30729
                      NameVirtual AddressVirtual Size Is in Section
                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IMPORT0x8cd3c0x154.rdata
                      IMAGE_DIRECTORY_ENTRY_RESOURCE0xab0000x9298.rsrc
                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_IAT0x820000x840.rdata
                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                      .text0x10000x800170x802006c20c6bf686768b6f134f5bd508171bcFalse0.5602991615853659data6.634688230255595IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      .rdata0x820000xd95c0xda00f979966509a93083729d23cdfd2a6f2dFalse0.36256450688073394data4.880040824124099IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      .data0x900000x1a5180x6800e5d77411f751d28c6eee48a743606795False0.1600060096153846data2.2017649896261107IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                      .rsrc0xab0000x92980x9400f6be76de0ef2c68f397158bf01bdef3eFalse0.4896801097972973data5.530303089784181IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                      NameRVASizeTypeLanguageCountryZLIB Complexity
                      RT_ICON0xab5c80x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishGreat Britain0.3277027027027027
                      RT_ICON0xab6f00x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.7466216216216216
                      RT_ICON0xab8180x128Device independent bitmap graphic, 16 x 32 x 4, image size 192EnglishGreat Britain0.3885135135135135
                      RT_ICON0xab9400x668Device independent bitmap graphic, 48 x 96 x 4, image size 1152EnglishGreat Britain0.48109756097560974
                      RT_ICON0xabfa80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512EnglishGreat Britain0.5672043010752689
                      RT_ICON0xac2900x128Device independent bitmap graphic, 16 x 32 x 4, image size 128EnglishGreat Britain0.6418918918918919
                      RT_ICON0xac3b80xea8Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colorsEnglishGreat Britain0.7044243070362474
                      RT_ICON0xad2600x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colorsEnglishGreat Britain0.8077617328519856
                      RT_ICON0xadb080x568Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colorsEnglishGreat Britain0.5903179190751445
                      RT_ICON0xae0700x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9600EnglishGreat Britain0.5503112033195021
                      RT_ICON0xb06180x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4224EnglishGreat Britain0.6050656660412758
                      RT_ICON0xb16c00x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishGreat Britain0.7553191489361702
                      RT_MENU0xb1b280x50dataEnglishGreat Britain0.9
                      RT_DIALOG0xb1b780xfcdataEnglishGreat Britain0.6507936507936508
                      RT_STRING0xb1c780x530dataEnglishGreat Britain0.33960843373493976
                      RT_STRING0xb21a80x690dataEnglishGreat Britain0.26964285714285713
                      RT_STRING0xb28380x43adataEnglishGreat Britain0.3733826247689464
                      RT_STRING0xb2c780x5fcdataEnglishGreat Britain0.3087467362924282
                      RT_STRING0xb32780x65cdataEnglishGreat Britain0.34336609336609336
                      RT_STRING0xb38d80x388dataEnglishGreat Britain0.377212389380531
                      RT_STRING0xb3c600x158Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0EnglishUnited States0.502906976744186
                      RT_GROUP_ICON0xb3db80x84dataEnglishGreat Britain0.6439393939393939
                      RT_GROUP_ICON0xb3e400x14dataEnglishGreat Britain1.15
                      RT_GROUP_ICON0xb3e580x14dataEnglishGreat Britain1.25
                      RT_GROUP_ICON0xb3e700x14dataEnglishGreat Britain1.25
                      RT_VERSION0xb3e880x19cdataEnglishGreat Britain0.5339805825242718
                      RT_MANIFEST0xb40280x26cASCII text, with CRLF line terminatorsEnglishUnited States0.5145161290322581
                      DLLImport
                      WSOCK32.dll__WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
                      VERSION.dllVerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
                      WINMM.dlltimeGetTime, waveOutSetVolume, mciSendStringW
                      COMCTL32.dllImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
                      MPR.dllWNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
                      WININET.dllInternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
                      PSAPI.DLLEnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
                      USERENV.dllCreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
                      KERNEL32.dllHeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, MultiByteToWideChar, WideCharToMultiByte, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, lstrcmpiW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, GetProcessHeap, OutputDebugStringW, GetLocalTime, CompareStringW, CompareStringA, InterlockedIncrement, InterlockedDecrement, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetComputerNameW, GetWindowsDirectoryW, GetSystemDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ResumeThread, GetStartupInfoW, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleFileNameA, HeapReAlloc, HeapCreate, SetHandleCount, GetFileType, GetStartupInfoA, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, LCMapStringA, RtlUnwind, SetFilePointer, GetTimeZoneInformation, GetTimeFormatA, GetDateFormatA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetCommandLineW, GetTickCount, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, GetModuleHandleA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, CreateFileA, SetEndOfFile, EnumResourceNamesW, SetEnvironmentVariableA
                      USER32.dllSetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, CopyImage, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, PeekMessageW, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, MoveWindow, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, GetMenuItemID, TranslateMessage, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, UnregisterHotKey, CharLowerBuffW, MonitorFromRect, keybd_event, LoadImageW, GetWindowLongW
                      GDI32.dllDeleteObject, GetObjectW, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, PolyDraw, BeginPath, Rectangle, GetDeviceCaps, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, SetViewportOrgEx
                      COMDLG32.dllGetSaveFileNameW, GetOpenFileNameW
                      ADVAPI32.dllRegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, RegEnumKeyExW, CloseServiceHandle, UnlockServiceDatabase, LockServiceDatabase, OpenSCManagerW, InitiateSystemShutdownExW, AdjustTokenPrivileges, RegCloseKey, RegQueryValueExW, RegOpenKeyExW, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, SetSecurityDescriptorDacl, CopySid, LogonUserW, GetTokenInformation, GetAclInformation, GetAce, AddAce, GetSecurityDescriptorDacl
                      SHELL32.dllDragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
                      ole32.dllOleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, StringFromCLSID, IIDFromString, StringFromIID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize
                      OLEAUT32.dllSafeArrayAllocData, SafeArrayAllocDescriptorEx, SysAllocString, OleLoadPicture, SafeArrayGetVartype, SafeArrayDestroyData, SafeArrayAccessData, VarR8FromDec, VariantTimeToSystemTime, VariantClear, VariantCopy, VariantInit, SafeArrayDestroyDescriptor, LoadRegTypeLib, GetActiveObject, SafeArrayUnaccessData
                      Language of compilation systemCountry where language is spokenMap
                      EnglishGreat Britain
                      EnglishUnited States
                      TimestampSource PortDest PortSource IPDest IP
                      Oct 4, 2024 11:20:27.754302979 CEST4973880192.168.2.5208.95.112.1
                      Oct 4, 2024 11:20:27.760997057 CEST8049738208.95.112.1192.168.2.5
                      Oct 4, 2024 11:20:27.761084080 CEST4973880192.168.2.5208.95.112.1
                      Oct 4, 2024 11:20:27.773483038 CEST4973880192.168.2.5208.95.112.1
                      Oct 4, 2024 11:20:27.779912949 CEST8049738208.95.112.1192.168.2.5
                      Oct 4, 2024 11:20:28.248275042 CEST8049738208.95.112.1192.168.2.5
                      Oct 4, 2024 11:20:28.305279016 CEST4973880192.168.2.5208.95.112.1
                      Oct 4, 2024 11:21:53.462752104 CEST8049738208.95.112.1192.168.2.5
                      Oct 4, 2024 11:21:53.462829113 CEST4973880192.168.2.5208.95.112.1
                      Oct 4, 2024 11:22:08.275723934 CEST4973880192.168.2.5208.95.112.1
                      Oct 4, 2024 11:22:08.281085014 CEST8049738208.95.112.1192.168.2.5
                      TimestampSource PortDest PortSource IPDest IP
                      Oct 4, 2024 11:20:27.721931934 CEST5290953192.168.2.51.1.1.1
                      Oct 4, 2024 11:20:27.742666006 CEST53529091.1.1.1192.168.2.5
                      Oct 4, 2024 11:20:53.359529972 CEST5361144162.159.36.2192.168.2.5
                      Oct 4, 2024 11:20:53.889981985 CEST5560753192.168.2.51.1.1.1
                      Oct 4, 2024 11:20:53.897742987 CEST53556071.1.1.1192.168.2.5
                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                      Oct 4, 2024 11:20:27.721931934 CEST192.168.2.51.1.1.10xab10Standard query (0)ip-api.comA (IP address)IN (0x0001)false
                      Oct 4, 2024 11:20:53.889981985 CEST192.168.2.51.1.1.10x5f84Standard query (0)198.187.3.20.in-addr.arpaPTR (Pointer record)IN (0x0001)false
                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                      Oct 4, 2024 11:20:27.742666006 CEST1.1.1.1192.168.2.50xab10No error (0)ip-api.com208.95.112.1A (IP address)IN (0x0001)false
                      Oct 4, 2024 11:20:53.897742987 CEST1.1.1.1192.168.2.50x5f84Name error (3)198.187.3.20.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false
                      • ip-api.com
                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                      0192.168.2.549738208.95.112.1807468C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                      TimestampBytes transferredDirectionData
                      Oct 4, 2024 11:20:27.773483038 CEST80OUTGET /line/?fields=hosting HTTP/1.1
                      Host: ip-api.com
                      Connection: Keep-Alive
                      Oct 4, 2024 11:20:28.248275042 CEST175INHTTP/1.1 200 OK
                      Date: Fri, 04 Oct 2024 09:20:27 GMT
                      Content-Type: text/plain; charset=utf-8
                      Content-Length: 6
                      Access-Control-Allow-Origin: *
                      X-Ttl: 60
                      X-Rl: 44
                      Data Raw: 66 61 6c 73 65 0a
                      Data Ascii: false


                      Click to jump to process

                      Click to jump to process

                      Click to dive into process behavior distribution

                      Click to jump to process

                      Target ID:0
                      Start time:05:20:22
                      Start date:04/10/2024
                      Path:C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe"
                      Imagebase:0x400000
                      File size:1'155'483 bytes
                      MD5 hash:9CCB17AEA35FA5197FCD4D56152C200D
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID, Description: Detects executables referencing Windows vault credential objects. Observed in infostealers, Source: 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                      • Rule: MALWARE_Win_AgentTeslaV2, Description: AgenetTesla Type 2 Keylogger payload, Source: 00000000.00000002.2265088718.0000000004240000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
                      Reputation:low
                      Has exited:true

                      Target ID:2
                      Start time:05:20:26
                      Start date:04/10/2024
                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                      Wow64 process (32bit):true
                      Commandline:"C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe"
                      Imagebase:0x110000
                      File size:45'984 bytes
                      MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
                      Has elevated privileges:true
                      Has administrator privileges:true
                      Programmed in:C, C++ or other language
                      Yara matches:
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.3474966550.0000000002555000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.3473775659.0000000000502000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000002.00000002.3473775659.0000000000502000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                      Reputation:high
                      Has exited:false

                      Reset < >

                        Execution Graph

                        Execution Coverage:3%
                        Dynamic/Decrypted Code Coverage:1.1%
                        Signature Coverage:3.3%
                        Total number of Nodes:1596
                        Total number of Limit Nodes:40
                        execution_graph 85047 40f110 RegOpenKeyExW 85048 40f13c RegQueryValueExW RegCloseKey 85047->85048 85049 40f15f 85047->85049 85048->85049 85050 429212 85055 410b90 85050->85055 85053 411421 __cinit 74 API calls 85054 42922f 85053->85054 85056 410b9a __write_nolock 85055->85056 85057 41171a 75 API calls 85056->85057 85058 410c31 GetModuleFileNameW 85057->85058 85072 413db0 85058->85072 85060 410c66 _wcsncat 85075 413e3c 85060->85075 85063 41171a 75 API calls 85064 410ca3 _wcscpy 85063->85064 85065 410cd1 RegOpenKeyExW 85064->85065 85066 429bc3 RegQueryValueExW 85065->85066 85067 410cf7 85065->85067 85068 429cd9 RegCloseKey 85066->85068 85070 429bf2 _wcscat _wcslen _wcsncpy 85066->85070 85067->85053 85069 41171a 75 API calls 85069->85070 85070->85069 85071 429cd8 85070->85071 85071->85068 85078 413b95 85072->85078 85108 41abec 85075->85108 85079 413c2f 85078->85079 85084 413bae 85078->85084 85080 413d60 85079->85080 85081 413d7b 85079->85081 85104 417f23 67 API calls __getptd_noexit 85080->85104 85106 417f23 67 API calls __getptd_noexit 85081->85106 85084->85079 85089 413c1d 85084->85089 85100 41ab19 67 API calls __wcsnicmp_l 85084->85100 85085 413d65 85086 413cfb 85085->85086 85105 417ebb 6 API calls 2 library calls 85085->85105 85086->85060 85089->85079 85096 413c9b 85089->85096 85101 41ab19 67 API calls __wcsnicmp_l 85089->85101 85090 413d03 85090->85079 85090->85086 85092 413d8e 85090->85092 85091 413cb9 85091->85079 85097 413cd6 85091->85097 85102 41ab19 67 API calls __wcsnicmp_l 85091->85102 85107 41ab19 67 API calls __wcsnicmp_l 85092->85107 85095 413cef 85103 41ab19 67 API calls __wcsnicmp_l 85095->85103 85096->85090 85096->85091 85097->85079 85097->85086 85097->85095 85100->85089 85101->85096 85102->85097 85103->85086 85104->85085 85106->85085 85107->85086 85109 41ac02 85108->85109 85110 41abfd 85108->85110 85117 417f23 67 API calls __getptd_noexit 85109->85117 85110->85109 85113 41ac22 85110->85113 85112 41ac07 85118 417ebb 6 API calls 2 library calls 85112->85118 85116 410c99 85113->85116 85119 417f23 67 API calls __getptd_noexit 85113->85119 85116->85063 85117->85112 85119->85112 85120 401230 85121 401241 _memset 85120->85121 85122 4012c5 85120->85122 85135 401be0 85121->85135 85124 40126b 85125 4012ae KillTimer SetTimer 85124->85125 85126 42aa61 85124->85126 85127 401298 85124->85127 85125->85122 85130 42aa8b Shell_NotifyIconW 85126->85130 85131 42aa69 Shell_NotifyIconW 85126->85131 85128 4012a2 85127->85128 85129 42aaac 85127->85129 85128->85125 85132 42aaf8 Shell_NotifyIconW 85128->85132 85133 42aad7 Shell_NotifyIconW 85129->85133 85134 42aab5 Shell_NotifyIconW 85129->85134 85130->85125 85131->85125 85132->85125 85133->85125 85134->85125 85136 401bfb 85135->85136 85156 401cde 85135->85156 85157 4013a0 75 API calls 85136->85157 85138 401c0b 85139 42a9a0 LoadStringW 85138->85139 85140 401c18 85138->85140 85142 42a9bb 85139->85142 85158 4021e0 85140->85158 85171 40df50 75 API calls 85142->85171 85143 401c2d 85145 401c3a 85143->85145 85146 42a9cd 85143->85146 85145->85142 85147 401c44 85145->85147 85172 40d3b0 75 API calls 2 library calls 85146->85172 85170 40d3b0 75 API calls 2 library calls 85147->85170 85149 42a9dc 85151 42a9f0 85149->85151 85154 401c53 _memset _wcscpy _wcsncpy 85149->85154 85173 40d3b0 75 API calls 2 library calls 85151->85173 85153 42a9fe 85155 401cc2 Shell_NotifyIconW 85154->85155 85155->85156 85156->85124 85157->85138 85159 4021f1 _wcslen 85158->85159 85160 42a598 85158->85160 85163 402205 85159->85163 85164 402226 85159->85164 85176 40c740 85160->85176 85162 42a5a2 85174 404020 75 API calls moneypunct 85163->85174 85175 401380 75 API calls 85164->85175 85167 40220c _memcpy_s 85167->85143 85168 40222d 85168->85162 85169 41171a 75 API calls 85168->85169 85169->85167 85170->85154 85171->85154 85172->85149 85173->85153 85174->85167 85175->85168 85177 40c752 85176->85177 85178 40c747 85176->85178 85177->85162 85178->85177 85181 402ae0 75 API calls _memcpy_s 85178->85181 85180 42a572 _memcpy_s 85180->85162 85181->85180 85182 4034b0 85183 4034b9 85182->85183 85184 4034bd 85182->85184 85185 42a0ba 85184->85185 85186 41171a 75 API calls 85184->85186 85187 4034fe _memcpy_s moneypunct 85186->85187 85188 416193 85225 41718c 85188->85225 85190 41619f GetStartupInfoW 85192 4161c2 85190->85192 85226 41aa31 HeapCreate 85192->85226 85194 416212 85228 416e29 GetModuleHandleW 85194->85228 85198 416223 __RTC_Initialize 85262 41b669 85198->85262 85201 416231 85202 41623d GetCommandLineW 85201->85202 85331 4117af 67 API calls 3 library calls 85201->85331 85277 42235f GetEnvironmentStringsW 85202->85277 85205 41623c 85205->85202 85206 41624c 85283 4222b1 GetModuleFileNameW 85206->85283 85208 416256 85209 416261 85208->85209 85332 4117af 67 API calls 3 library calls 85208->85332 85287 422082 85209->85287 85215 416272 85300 41186e 85215->85300 85216 416279 85218 416284 __wwincmdln 85216->85218 85334 4117af 67 API calls 3 library calls 85216->85334 85306 40d7f0 85218->85306 85221 4162b3 85336 411a4b 67 API calls _doexit 85221->85336 85224 4162b8 __fcloseall 85225->85190 85227 416206 85226->85227 85227->85194 85329 41616a 67 API calls 3 library calls 85227->85329 85229 416e44 85228->85229 85230 416e3d 85228->85230 85232 416fac 85229->85232 85233 416e4e GetProcAddress GetProcAddress GetProcAddress GetProcAddress 85229->85233 85337 41177f Sleep GetModuleHandleW 85230->85337 85347 416ad5 70 API calls 2 library calls 85232->85347 85236 416e97 TlsAlloc 85233->85236 85235 416e43 85235->85229 85238 416218 85236->85238 85239 416ee5 TlsSetValue 85236->85239 85238->85198 85330 41616a 67 API calls 3 library calls 85238->85330 85239->85238 85240 416ef6 85239->85240 85338 411a69 6 API calls 4 library calls 85240->85338 85242 416efb 85243 41696e __encode_pointer 6 API calls 85242->85243 85244 416f06 85243->85244 85245 41696e __encode_pointer 6 API calls 85244->85245 85246 416f16 85245->85246 85247 41696e __encode_pointer 6 API calls 85246->85247 85248 416f26 85247->85248 85249 41696e __encode_pointer 6 API calls 85248->85249 85250 416f36 85249->85250 85339 41828b InitializeCriticalSectionAndSpinCount __mtinitlocknum 85250->85339 85252 416f43 85252->85232 85253 4169e9 __decode_pointer 6 API calls 85252->85253 85254 416f57 85253->85254 85254->85232 85340 416ffb 85254->85340 85257 4169e9 __decode_pointer 6 API calls 85258 416f8a 85257->85258 85258->85232 85259 416f91 85258->85259 85346 416b12 67 API calls 5 library calls 85259->85346 85261 416f99 GetCurrentThreadId 85261->85238 85366 41718c 85262->85366 85264 41b675 GetStartupInfoA 85265 416ffb __calloc_crt 67 API calls 85264->85265 85272 41b696 85265->85272 85266 41b8b4 __fcloseall 85266->85201 85267 41b831 GetStdHandle 85271 41b7fb 85267->85271 85268 416ffb __calloc_crt 67 API calls 85268->85272 85269 41b896 SetHandleCount 85269->85266 85270 41b843 GetFileType 85270->85271 85271->85266 85271->85267 85271->85269 85271->85270 85368 4189e6 InitializeCriticalSectionAndSpinCount __fcloseall 85271->85368 85272->85266 85272->85268 85272->85271 85274 41b77e 85272->85274 85274->85266 85274->85271 85275 41b7a7 GetFileType 85274->85275 85367 4189e6 InitializeCriticalSectionAndSpinCount __fcloseall 85274->85367 85275->85274 85278 422370 85277->85278 85279 422374 85277->85279 85278->85206 85280 416fb6 __malloc_crt 67 API calls 85279->85280 85282 422395 _memcpy_s 85280->85282 85281 42239c FreeEnvironmentStringsW 85281->85206 85282->85281 85284 4222e6 _wparse_cmdline 85283->85284 85285 416fb6 __malloc_crt 67 API calls 85284->85285 85286 422329 _wparse_cmdline 85284->85286 85285->85286 85286->85208 85289 42209a _wcslen 85287->85289 85292 416267 85287->85292 85288 416ffb __calloc_crt 67 API calls 85297 4220be _wcslen 85288->85297 85289->85288 85290 422123 85291 413a88 __crtLCMapStringA_stat 67 API calls 85290->85291 85291->85292 85292->85215 85333 4117af 67 API calls 3 library calls 85292->85333 85293 416ffb __calloc_crt 67 API calls 85293->85297 85294 422149 85295 413a88 __crtLCMapStringA_stat 67 API calls 85294->85295 85295->85292 85297->85290 85297->85292 85297->85293 85297->85294 85298 422108 85297->85298 85369 426349 67 API calls __wcsnicmp_l 85297->85369 85298->85297 85370 417d93 10 API calls 3 library calls 85298->85370 85301 41187c __IsNonwritableInCurrentImage 85300->85301 85371 418486 85301->85371 85303 41189a __initterm_e 85304 411421 __cinit 74 API calls 85303->85304 85305 4118b9 __IsNonwritableInCurrentImage __initterm 85303->85305 85304->85305 85305->85216 85307 431bcb 85306->85307 85308 40d80c 85306->85308 85309 4092c0 VariantClear 85308->85309 85310 40d847 85309->85310 85375 40eb50 85310->85375 85313 40d877 85378 411ac6 67 API calls 4 library calls 85313->85378 85316 40d888 85379 411b24 67 API calls __wcsnicmp_l 85316->85379 85318 40d891 85380 40f370 SystemParametersInfoW SystemParametersInfoW 85318->85380 85320 40d89f 85381 40d6d0 GetCurrentDirectoryW 85320->85381 85322 40d8a7 SystemParametersInfoW 85323 40d8d4 85322->85323 85324 40d8cd FreeLibrary 85322->85324 85325 4092c0 VariantClear 85323->85325 85324->85323 85326 40d8dd 85325->85326 85327 4092c0 VariantClear 85326->85327 85328 40d8e6 85327->85328 85328->85221 85335 411a1f 67 API calls _doexit 85328->85335 85329->85194 85330->85198 85331->85205 85332->85209 85333->85215 85334->85218 85335->85221 85336->85224 85337->85235 85338->85242 85339->85252 85343 417004 85340->85343 85342 416f70 85342->85232 85342->85257 85343->85342 85344 417022 Sleep 85343->85344 85348 422452 85343->85348 85345 417037 85344->85345 85345->85342 85345->85343 85346->85261 85347->85238 85349 42245e __fcloseall 85348->85349 85350 422495 _memset 85349->85350 85351 422476 85349->85351 85354 42248b __fcloseall 85350->85354 85356 422507 HeapAlloc 85350->85356 85358 418407 __lock 66 API calls 85350->85358 85363 41a74c 5 API calls 2 library calls 85350->85363 85364 42254e LeaveCriticalSection _doexit 85350->85364 85365 411afc 6 API calls __decode_pointer 85350->85365 85361 417f23 67 API calls __getptd_noexit 85351->85361 85353 42247b 85362 417ebb 6 API calls 2 library calls 85353->85362 85354->85343 85356->85350 85358->85350 85361->85353 85363->85350 85364->85350 85365->85350 85366->85264 85367->85274 85368->85271 85369->85297 85370->85298 85372 41848c 85371->85372 85373 41696e __encode_pointer 6 API calls 85372->85373 85374 4184a4 85372->85374 85373->85372 85374->85303 85419 40eb70 85375->85419 85378->85316 85379->85318 85380->85320 85423 401f80 85381->85423 85383 40d6f1 IsDebuggerPresent 85384 431a9d MessageBoxA 85383->85384 85385 40d6ff 85383->85385 85386 431ab6 85384->85386 85385->85386 85387 40d71f 85385->85387 85516 403e90 75 API calls 3 library calls 85386->85516 85493 40f3b0 85387->85493 85391 40d73a GetFullPathNameW 85513 401440 127 API calls _wcscat 85391->85513 85393 40d77a 85394 40d782 85393->85394 85396 431b09 SetCurrentDirectoryW 85393->85396 85395 40d78b 85394->85395 85517 43604b 6 API calls 85394->85517 85505 4101f0 GetSysColorBrush LoadCursorW LoadIconW LoadIconW LoadIconW 85395->85505 85396->85394 85399 431b28 85399->85395 85401 431b30 GetModuleFileNameW 85399->85401 85403 431ba4 GetForegroundWindow ShellExecuteW 85401->85403 85404 431b4c 85401->85404 85407 40d7c7 85403->85407 85518 401b70 85404->85518 85406 40d795 85413 40d7a8 85406->85413 85514 40e1e0 97 API calls _memset 85406->85514 85411 40d7d1 SetCurrentDirectoryW 85407->85411 85411->85322 85412 431b66 85525 40d3b0 75 API calls 2 library calls 85412->85525 85413->85407 85515 401000 Shell_NotifyIconW _memset 85413->85515 85416 431b72 GetForegroundWindow ShellExecuteW 85417 431b9f 85416->85417 85417->85407 85418 40eba0 LoadLibraryA GetProcAddress 85418->85313 85420 40d86e 85419->85420 85421 40eb76 LoadLibraryA 85419->85421 85420->85313 85420->85418 85421->85420 85422 40eb87 GetProcAddress 85421->85422 85422->85420 85526 40e680 75 API calls 85423->85526 85425 401f90 85527 402940 75 API calls __write_nolock 85425->85527 85427 401fa2 GetModuleFileNameW 85528 40ff90 85427->85528 85429 401fbd 85540 4107b0 75 API calls 85429->85540 85431 401fd6 85432 401b70 75 API calls 85431->85432 85433 401fe4 85432->85433 85541 4019e0 76 API calls 85433->85541 85435 401ff2 85436 4092c0 VariantClear 85435->85436 85437 402002 85436->85437 85438 401b70 75 API calls 85437->85438 85439 40201c 85438->85439 85542 4019e0 76 API calls 85439->85542 85441 40202c 85442 401b70 75 API calls 85441->85442 85443 40203c 85442->85443 85543 40c3e0 75 API calls 85443->85543 85445 40204d 85544 40c060 85445->85544 85449 40206e 85550 4115d0 79 API calls 2 library calls 85449->85550 85451 40207d 85452 42c174 85451->85452 85453 402088 85451->85453 85561 401a70 75 API calls 85452->85561 85551 4115d0 79 API calls 2 library calls 85453->85551 85456 42c189 85562 401a70 75 API calls 85456->85562 85457 402093 85457->85456 85458 40209e 85457->85458 85552 4115d0 79 API calls 2 library calls 85458->85552 85461 42c1a7 85463 42c1b0 GetModuleFileNameW 85461->85463 85462 4020a9 85462->85463 85464 4020b4 85462->85464 85563 401a70 75 API calls 85463->85563 85553 4115d0 79 API calls 2 library calls 85464->85553 85467 4020bf 85469 402107 85467->85469 85478 42c20a _wcscpy 85467->85478 85554 401a70 75 API calls 85467->85554 85468 42c1e2 85564 40df50 75 API calls 85468->85564 85472 402119 85469->85472 85469->85478 85471 42c1f1 85565 401a70 75 API calls 85471->85565 85475 42c243 85472->85475 85556 40e7e0 76 API calls 85472->85556 85476 4020e5 _wcscpy 85555 401a70 75 API calls 85476->85555 85477 42c201 85477->85478 85566 401a70 75 API calls 85478->85566 85481 402132 85557 40d030 76 API calls 85481->85557 85483 40213e 85485 4092c0 VariantClear 85483->85485 85488 402148 85485->85488 85486 402184 85490 4092c0 VariantClear 85486->85490 85488->85486 85558 40d030 76 API calls 85488->85558 85559 40e640 76 API calls 85488->85559 85560 401a70 75 API calls 85488->85560 85492 402196 moneypunct 85490->85492 85492->85383 85494 42ccf4 _memset 85493->85494 85495 40f3c9 85493->85495 85497 42cd05 GetOpenFileNameW 85494->85497 86233 40ffb0 76 API calls moneypunct 85495->86233 85497->85495 85499 40d732 85497->85499 85498 40f3d2 86234 410130 SHGetMalloc 85498->86234 85499->85391 85499->85393 85501 40f3d9 86239 410020 88 API calls __wcsicoll 85501->86239 85503 40f3e7 86240 40f400 85503->86240 85506 42b9d3 85505->85506 85507 41025a LoadImageW RegisterClassExW 85505->85507 86292 443e8f EnumResourceNamesW LoadImageW 85506->86292 86291 4102f0 7 API calls 85507->86291 85510 40d790 85512 4103e0 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 85510->85512 85511 42b9da 85512->85406 85513->85393 85514->85413 85515->85407 85516->85393 85517->85399 85519 401b76 _wcslen 85518->85519 85520 41171a 75 API calls 85519->85520 85521 401bc5 85519->85521 85522 401bad _memcpy_s 85520->85522 85524 40d3b0 75 API calls 2 library calls 85521->85524 85523 41171a 75 API calls 85522->85523 85523->85521 85524->85412 85525->85416 85526->85425 85527->85427 85567 40f5e0 85528->85567 85531 40ffa6 85531->85429 85533 42b6d8 85534 42b6e6 85533->85534 85623 434fe1 85533->85623 85536 413a88 __crtLCMapStringA_stat 67 API calls 85534->85536 85537 42b6f5 85536->85537 85538 434fe1 106 API calls 85537->85538 85539 42b702 85538->85539 85539->85429 85540->85431 85541->85435 85542->85441 85543->85445 85545 41171a 75 API calls 85544->85545 85546 40c088 85545->85546 85547 41171a 75 API calls 85546->85547 85548 402061 85547->85548 85549 401a70 75 API calls 85548->85549 85549->85449 85550->85451 85551->85457 85552->85462 85553->85467 85554->85476 85555->85469 85556->85481 85557->85483 85558->85488 85559->85488 85560->85488 85561->85456 85562->85461 85563->85468 85564->85471 85565->85477 85566->85488 85627 40f580 85567->85627 85569 40f5f8 _strcat moneypunct 85635 40f6d0 85569->85635 85574 42b2ee 85664 4151b0 85574->85664 85576 40f679 85576->85574 85577 40f681 85576->85577 85651 414e94 85577->85651 85581 40f68b 85581->85531 85586 452574 85581->85586 85583 42b31d 85670 415484 85583->85670 85585 42b33d 85587 41557c _fseek 105 API calls 85586->85587 85588 4525df 85587->85588 86172 4523ce 85588->86172 85591 4525fc 85591->85533 85592 4151b0 __fread_nolock 81 API calls 85593 45261d 85592->85593 85594 4151b0 __fread_nolock 81 API calls 85593->85594 85595 45262e 85594->85595 85596 4151b0 __fread_nolock 81 API calls 85595->85596 85597 452649 85596->85597 85598 4151b0 __fread_nolock 81 API calls 85597->85598 85599 452666 85598->85599 85600 41557c _fseek 105 API calls 85599->85600 85601 452682 85600->85601 85602 4138ba _malloc 67 API calls 85601->85602 85603 45268e 85602->85603 85604 4138ba _malloc 67 API calls 85603->85604 85605 45269b 85604->85605 85606 4151b0 __fread_nolock 81 API calls 85605->85606 85607 4526ac 85606->85607 85608 44afdc GetSystemTimeAsFileTime 85607->85608 85609 4526bf 85608->85609 85610 4526d5 85609->85610 85611 4526fd 85609->85611 85612 413a88 __crtLCMapStringA_stat 67 API calls 85610->85612 85613 452704 85611->85613 85614 45275b 85611->85614 85616 4526df 85612->85616 86178 44b195 85613->86178 85615 413a88 __crtLCMapStringA_stat 67 API calls 85614->85615 85618 452759 85615->85618 85619 413a88 __crtLCMapStringA_stat 67 API calls 85616->85619 85618->85533 85621 4526e8 85619->85621 85620 452753 85622 413a88 __crtLCMapStringA_stat 67 API calls 85620->85622 85621->85533 85622->85618 85624 434ff1 85623->85624 85625 434feb 85623->85625 85624->85534 85626 414e94 __fcloseall 106 API calls 85625->85626 85626->85624 85628 429440 85627->85628 85629 40f589 _wcslen 85627->85629 85630 40f58f WideCharToMultiByte 85629->85630 85631 40f5d8 85630->85631 85632 40f5ad 85630->85632 85631->85569 85633 41171a 75 API calls 85632->85633 85634 40f5bb WideCharToMultiByte 85633->85634 85634->85569 85636 40f6dd _strlen 85635->85636 85683 40f790 85636->85683 85639 414e06 85703 414d40 85639->85703 85641 40f666 85641->85574 85642 40f450 85641->85642 85646 40f45a _strcat _memcpy_s __write_nolock 85642->85646 85643 4151b0 __fread_nolock 81 API calls 85643->85646 85645 42936d 85647 41557c _fseek 105 API calls 85645->85647 85646->85643 85646->85645 85650 40f531 85646->85650 85786 41557c 85646->85786 85648 429394 85647->85648 85649 4151b0 __fread_nolock 81 API calls 85648->85649 85649->85650 85650->85576 85652 414ea0 __fcloseall 85651->85652 85653 414ed1 85652->85653 85654 414eb4 85652->85654 85657 415965 __lock_file 68 API calls 85653->85657 85661 414ec9 __fcloseall 85653->85661 85925 417f23 67 API calls __getptd_noexit 85654->85925 85656 414eb9 85926 417ebb 6 API calls 2 library calls 85656->85926 85659 414ee9 85657->85659 85909 414e1d 85659->85909 85661->85581 85994 41511a 85664->85994 85666 4151c8 85667 44afdc 85666->85667 86165 4431e0 85667->86165 85669 44affd 85669->85583 85671 415490 __fcloseall 85670->85671 85672 4154bb 85671->85672 85673 41549e 85671->85673 85675 415965 __lock_file 68 API calls 85672->85675 86169 417f23 67 API calls __getptd_noexit 85673->86169 85677 4154c3 85675->85677 85676 4154a3 86170 417ebb 6 API calls 2 library calls 85676->86170 85679 4152e7 __ftell_nolock 71 API calls 85677->85679 85680 4154cf 85679->85680 86171 4154e8 LeaveCriticalSection LeaveCriticalSection _fprintf 85680->86171 85682 4154b3 __fcloseall 85682->85585 85685 40f7ae _memset 85683->85685 85684 42a349 85685->85684 85687 40f628 85685->85687 85688 415258 85685->85688 85687->85639 85689 415285 85688->85689 85690 415268 85688->85690 85689->85690 85692 41528c 85689->85692 85699 417f23 67 API calls __getptd_noexit 85690->85699 85701 41c551 103 API calls 13 library calls 85692->85701 85693 41526d 85700 417ebb 6 API calls 2 library calls 85693->85700 85695 4152b2 85698 41527d 85695->85698 85702 4191c9 101 API calls 6 library calls 85695->85702 85698->85685 85699->85693 85701->85695 85702->85698 85704 414d4c __fcloseall 85703->85704 85705 414d5f 85704->85705 85708 414d95 85704->85708 85755 417f23 67 API calls __getptd_noexit 85705->85755 85707 414d64 85756 417ebb 6 API calls 2 library calls 85707->85756 85722 41e28c 85708->85722 85711 414d74 __fcloseall @_EH4_CallFilterFunc@8 85711->85641 85712 414d9a 85713 414da1 85712->85713 85714 414dae 85712->85714 85757 417f23 67 API calls __getptd_noexit 85713->85757 85716 414dd6 85714->85716 85717 414db6 85714->85717 85740 41dfd8 85716->85740 85758 417f23 67 API calls __getptd_noexit 85717->85758 85723 41e298 __fcloseall 85722->85723 85724 418407 __lock 67 API calls 85723->85724 85737 41e2a6 85724->85737 85725 41e31b 85760 41e3bb 85725->85760 85726 41e322 85728 416fb6 __malloc_crt 67 API calls 85726->85728 85730 41e32c 85728->85730 85729 41e3b0 __fcloseall 85729->85712 85730->85725 85765 4189e6 InitializeCriticalSectionAndSpinCount __fcloseall 85730->85765 85731 418344 __mtinitlocknum 67 API calls 85731->85737 85734 41e351 85735 41e35c 85734->85735 85736 41e36f EnterCriticalSection 85734->85736 85738 413a88 __crtLCMapStringA_stat 67 API calls 85735->85738 85736->85725 85737->85725 85737->85726 85737->85731 85763 4159a6 68 API calls __lock 85737->85763 85764 415a14 LeaveCriticalSection LeaveCriticalSection _doexit 85737->85764 85738->85725 85749 41dffb __wopenfile 85740->85749 85741 41e015 85770 417f23 67 API calls __getptd_noexit 85741->85770 85743 41e1e9 85743->85741 85746 41e247 85743->85746 85744 41e01a 85771 417ebb 6 API calls 2 library calls 85744->85771 85767 425db0 85746->85767 85749->85741 85749->85743 85772 4136bc 79 API calls __wcsnicmp_l 85749->85772 85751 41e1e2 85751->85743 85773 4136bc 79 API calls __wcsnicmp_l 85751->85773 85753 41e201 85753->85743 85774 4136bc 79 API calls __wcsnicmp_l 85753->85774 85755->85707 85757->85711 85758->85711 85759 414dfc LeaveCriticalSection LeaveCriticalSection _fprintf 85759->85711 85766 41832d LeaveCriticalSection 85760->85766 85762 41e3c2 85762->85729 85763->85737 85764->85737 85765->85734 85766->85762 85775 425ce4 85767->85775 85769 414de1 85769->85759 85770->85744 85772->85751 85773->85753 85774->85743 85778 425cf0 __fcloseall 85775->85778 85776 425d03 85777 417f23 __wcsnicmp_l 67 API calls 85776->85777 85779 425d08 85777->85779 85778->85776 85780 425d41 85778->85780 85782 417ebb __wcsnicmp_l 6 API calls 85779->85782 85781 4255c4 __tsopen_nolock 132 API calls 85780->85781 85783 425d5b 85781->85783 85785 425d17 __fcloseall 85782->85785 85784 425d82 __sopen_helper LeaveCriticalSection 85783->85784 85784->85785 85785->85769 85790 415588 __fcloseall 85786->85790 85787 415596 85817 417f23 67 API calls __getptd_noexit 85787->85817 85789 4155c4 85799 415965 85789->85799 85790->85787 85790->85789 85791 41559b 85818 417ebb 6 API calls 2 library calls 85791->85818 85798 4155ab __fcloseall 85798->85646 85800 415977 85799->85800 85801 415999 EnterCriticalSection 85799->85801 85800->85801 85802 41597f 85800->85802 85803 4155cc 85801->85803 85804 418407 __lock 67 API calls 85802->85804 85805 4154f2 85803->85805 85804->85803 85806 415512 85805->85806 85807 415502 85805->85807 85809 415524 85806->85809 85820 4152e7 85806->85820 85874 417f23 67 API calls __getptd_noexit 85807->85874 85837 41486c 85809->85837 85816 415507 85819 4155f7 LeaveCriticalSection LeaveCriticalSection _fprintf 85816->85819 85817->85791 85819->85798 85821 41531a 85820->85821 85822 4152fa 85820->85822 85824 41453a __fileno 67 API calls 85821->85824 85875 417f23 67 API calls __getptd_noexit 85822->85875 85825 415320 85824->85825 85828 41efd4 __locking 71 API calls 85825->85828 85826 4152ff 85876 417ebb 6 API calls 2 library calls 85826->85876 85829 415335 85828->85829 85830 4153a9 85829->85830 85832 415364 85829->85832 85836 41530f 85829->85836 85877 417f23 67 API calls __getptd_noexit 85830->85877 85833 41efd4 __locking 71 API calls 85832->85833 85832->85836 85834 415404 85833->85834 85835 41efd4 __locking 71 API calls 85834->85835 85834->85836 85835->85836 85836->85809 85838 414885 85837->85838 85842 4148a7 85837->85842 85839 41453a __fileno 67 API calls 85838->85839 85838->85842 85840 4148a0 85839->85840 85878 41c3cf 101 API calls 6 library calls 85840->85878 85843 41453a 85842->85843 85844 41455e 85843->85844 85845 414549 85843->85845 85849 41efd4 85844->85849 85879 417f23 67 API calls __getptd_noexit 85845->85879 85847 41454e 85880 417ebb 6 API calls 2 library calls 85847->85880 85850 41efe0 __fcloseall 85849->85850 85851 41f003 85850->85851 85852 41efe8 85850->85852 85854 41f011 85851->85854 85857 41f052 85851->85857 85901 417f36 67 API calls __getptd_noexit 85852->85901 85903 417f36 67 API calls __getptd_noexit 85854->85903 85855 41efed 85902 417f23 67 API calls __getptd_noexit 85855->85902 85881 41ba3b 85857->85881 85859 41f016 85904 417f23 67 API calls __getptd_noexit 85859->85904 85862 41f01d 85905 417ebb 6 API calls 2 library calls 85862->85905 85863 41f058 85865 41f065 85863->85865 85866 41f07b 85863->85866 85891 41ef5f 85865->85891 85906 417f23 67 API calls __getptd_noexit 85866->85906 85867 41eff5 __fcloseall 85867->85816 85870 41f073 85908 41f0a6 LeaveCriticalSection __unlock_fhandle 85870->85908 85871 41f080 85907 417f36 67 API calls __getptd_noexit 85871->85907 85874->85816 85875->85826 85877->85836 85878->85842 85879->85847 85882 41ba47 __fcloseall 85881->85882 85883 41baa2 85882->85883 85886 418407 __lock 67 API calls 85882->85886 85884 41bac4 __fcloseall 85883->85884 85885 41baa7 EnterCriticalSection 85883->85885 85884->85863 85885->85884 85887 41ba73 85886->85887 85888 41ba8a 85887->85888 85889 4189e6 __mtinitlocknum InitializeCriticalSectionAndSpinCount 85887->85889 85890 41bad2 ___lock_fhandle LeaveCriticalSection 85888->85890 85889->85888 85890->85883 85892 41b9c4 __lseeki64_nolock 67 API calls 85891->85892 85893 41ef6e 85892->85893 85894 41ef84 SetFilePointer 85893->85894 85895 41ef74 85893->85895 85897 41efa3 85894->85897 85898 41ef9b GetLastError 85894->85898 85896 417f23 __wcsnicmp_l 67 API calls 85895->85896 85899 41ef79 85896->85899 85897->85899 85900 417f49 __dosmaperr 67 API calls 85897->85900 85898->85897 85899->85870 85900->85899 85901->85855 85902->85867 85903->85859 85904->85862 85906->85871 85907->85870 85908->85867 85910 414e31 85909->85910 85911 414e4d 85909->85911 85955 417f23 67 API calls __getptd_noexit 85910->85955 85914 414e46 85911->85914 85915 41486c __flush 101 API calls 85911->85915 85913 414e36 85956 417ebb 6 API calls 2 library calls 85913->85956 85927 414f08 LeaveCriticalSection LeaveCriticalSection _fprintf 85914->85927 85917 414e59 85915->85917 85928 41e680 85917->85928 85920 41453a __fileno 67 API calls 85921 414e67 85920->85921 85932 41e5b3 85921->85932 85923 414e6d 85923->85914 85924 413a88 __crtLCMapStringA_stat 67 API calls 85923->85924 85924->85914 85925->85656 85927->85661 85929 41e690 85928->85929 85931 414e61 85928->85931 85930 413a88 __crtLCMapStringA_stat 67 API calls 85929->85930 85929->85931 85930->85931 85931->85920 85933 41e5bf __fcloseall 85932->85933 85934 41e5c7 85933->85934 85937 41e5e2 85933->85937 85972 417f36 67 API calls __getptd_noexit 85934->85972 85936 41e5f0 85974 417f36 67 API calls __getptd_noexit 85936->85974 85937->85936 85940 41e631 85937->85940 85938 41e5cc 85973 417f23 67 API calls __getptd_noexit 85938->85973 85943 41ba3b ___lock_fhandle 68 API calls 85940->85943 85942 41e5f5 85975 417f23 67 API calls __getptd_noexit 85942->85975 85945 41e637 85943->85945 85947 41e652 85945->85947 85948 41e644 85945->85948 85946 41e5fc 85976 417ebb 6 API calls 2 library calls 85946->85976 85977 417f23 67 API calls __getptd_noexit 85947->85977 85957 41e517 85948->85957 85952 41e5d4 __fcloseall 85952->85923 85953 41e64c 85978 41e676 LeaveCriticalSection __unlock_fhandle 85953->85978 85955->85913 85979 41b9c4 85957->85979 85959 41e527 85960 41e57d 85959->85960 85962 41e55b 85959->85962 85963 41b9c4 __lseeki64_nolock 67 API calls 85959->85963 85992 41b93e 68 API calls 2 library calls 85960->85992 85962->85960 85964 41b9c4 __lseeki64_nolock 67 API calls 85962->85964 85966 41e552 85963->85966 85967 41e567 CloseHandle 85964->85967 85965 41e585 85968 41e5a7 85965->85968 85993 417f49 67 API calls 3 library calls 85965->85993 85969 41b9c4 __lseeki64_nolock 67 API calls 85966->85969 85967->85960 85970 41e573 GetLastError 85967->85970 85968->85953 85969->85962 85970->85960 85972->85938 85973->85952 85974->85942 85975->85946 85977->85953 85978->85952 85980 41b9d1 85979->85980 85981 41b9e9 85979->85981 85982 417f36 __read 67 API calls 85980->85982 85984 417f36 __read 67 API calls 85981->85984 85989 41ba2e 85981->85989 85983 41b9d6 85982->85983 85985 417f23 __wcsnicmp_l 67 API calls 85983->85985 85986 41ba17 85984->85986 85987 41b9de 85985->85987 85988 417f23 __wcsnicmp_l 67 API calls 85986->85988 85987->85959 85990 41ba1e 85988->85990 85989->85959 85991 417ebb __wcsnicmp_l 6 API calls 85990->85991 85991->85989 85992->85965 85993->85968 85995 415126 __fcloseall 85994->85995 85996 41516f 85995->85996 85998 41513a _memset 85995->85998 86006 415164 __fcloseall 85995->86006 85997 415965 __lock_file 68 API calls 85996->85997 85999 415177 85997->85999 86023 417f23 67 API calls __getptd_noexit 85998->86023 86007 414f10 85999->86007 86002 415154 86024 417ebb 6 API calls 2 library calls 86002->86024 86006->85666 86008 414f4c 86007->86008 86010 414f2e _memset 86007->86010 86025 4151a6 LeaveCriticalSection LeaveCriticalSection _fprintf 86008->86025 86009 414f37 86076 417f23 67 API calls __getptd_noexit 86009->86076 86010->86008 86010->86009 86014 414f8b 86010->86014 86014->86008 86015 4150a9 _memset 86014->86015 86016 41453a __fileno 67 API calls 86014->86016 86018 4150d5 _memset 86014->86018 86026 41ed9e 86014->86026 86056 41e6b1 86014->86056 86078 41ee9b 67 API calls 3 library calls 86014->86078 86079 417f23 67 API calls __getptd_noexit 86015->86079 86016->86014 86080 417f23 67 API calls __getptd_noexit 86018->86080 86022 414f3c 86077 417ebb 6 API calls 2 library calls 86022->86077 86023->86002 86025->86006 86027 41edaa __fcloseall 86026->86027 86028 41edb2 86027->86028 86029 41edcd 86027->86029 86150 417f36 67 API calls __getptd_noexit 86028->86150 86030 41eddb 86029->86030 86035 41ee1c 86029->86035 86152 417f36 67 API calls __getptd_noexit 86030->86152 86033 41edb7 86151 417f23 67 API calls __getptd_noexit 86033->86151 86034 41ede0 86153 417f23 67 API calls __getptd_noexit 86034->86153 86038 41ee29 86035->86038 86039 41ee3d 86035->86039 86155 417f36 67 API calls __getptd_noexit 86038->86155 86040 41ba3b ___lock_fhandle 68 API calls 86039->86040 86043 41ee43 86040->86043 86041 41ede7 86154 417ebb 6 API calls 2 library calls 86041->86154 86046 41ee50 86043->86046 86047 41ee66 86043->86047 86044 41ee2e 86156 417f23 67 API calls __getptd_noexit 86044->86156 86045 41edbf __fcloseall 86045->86014 86081 41e7dc 86046->86081 86157 417f23 67 API calls __getptd_noexit 86047->86157 86052 41ee5e 86159 41ee91 LeaveCriticalSection __unlock_fhandle 86052->86159 86053 41ee6b 86158 417f36 67 API calls __getptd_noexit 86053->86158 86057 41e6c1 86056->86057 86060 41e6de 86056->86060 86163 417f23 67 API calls __getptd_noexit 86057->86163 86059 41e6c6 86164 417ebb 6 API calls 2 library calls 86059->86164 86062 41e713 86060->86062 86068 41e6d6 86060->86068 86160 423600 86060->86160 86064 41453a __fileno 67 API calls 86062->86064 86065 41e727 86064->86065 86066 41ed9e __read 79 API calls 86065->86066 86067 41e72e 86066->86067 86067->86068 86069 41453a __fileno 67 API calls 86067->86069 86068->86014 86070 41e751 86069->86070 86070->86068 86071 41453a __fileno 67 API calls 86070->86071 86072 41e75d 86071->86072 86072->86068 86073 41453a __fileno 67 API calls 86072->86073 86074 41e769 86073->86074 86075 41453a __fileno 67 API calls 86074->86075 86075->86068 86076->86022 86078->86014 86079->86022 86080->86022 86082 41e813 86081->86082 86083 41e7f8 86081->86083 86085 41e822 86082->86085 86087 41e849 86082->86087 86084 417f36 __read 67 API calls 86083->86084 86086 41e7fd 86084->86086 86088 417f36 __read 67 API calls 86085->86088 86090 417f23 __wcsnicmp_l 67 API calls 86086->86090 86089 41e868 86087->86089 86103 41e87c 86087->86103 86091 41e827 86088->86091 86092 417f36 __read 67 API calls 86089->86092 86104 41e805 86090->86104 86094 417f23 __wcsnicmp_l 67 API calls 86091->86094 86096 41e86d 86092->86096 86093 41e8d4 86095 417f36 __read 67 API calls 86093->86095 86097 41e82e 86094->86097 86098 41e8d9 86095->86098 86099 417f23 __wcsnicmp_l 67 API calls 86096->86099 86100 417ebb __wcsnicmp_l 6 API calls 86097->86100 86101 417f23 __wcsnicmp_l 67 API calls 86098->86101 86102 41e874 86099->86102 86100->86104 86101->86102 86107 417ebb __wcsnicmp_l 6 API calls 86102->86107 86103->86093 86103->86104 86105 41e8b0 86103->86105 86106 41e8f5 86103->86106 86104->86052 86105->86093 86112 41e8bb ReadFile 86105->86112 86109 416fb6 __malloc_crt 67 API calls 86106->86109 86107->86104 86113 41e90b 86109->86113 86110 41ed62 GetLastError 86114 41ebe8 86110->86114 86115 41ed6f 86110->86115 86111 41e9e7 86111->86110 86118 41e9fb 86111->86118 86112->86110 86112->86111 86116 41e931 86113->86116 86117 41e913 86113->86117 86124 417f49 __dosmaperr 67 API calls 86114->86124 86129 41eb6d 86114->86129 86120 417f23 __wcsnicmp_l 67 API calls 86115->86120 86119 423462 __lseeki64_nolock 69 API calls 86116->86119 86121 417f23 __wcsnicmp_l 67 API calls 86117->86121 86118->86129 86131 41ec2d 86118->86131 86132 41ea17 86118->86132 86122 41e93d 86119->86122 86123 41ed74 86120->86123 86125 41e918 86121->86125 86122->86112 86127 417f36 __read 67 API calls 86123->86127 86124->86129 86126 417f36 __read 67 API calls 86125->86126 86126->86104 86127->86129 86128 413a88 __crtLCMapStringA_stat 67 API calls 86128->86104 86129->86104 86129->86128 86130 41eca5 ReadFile 86135 41ecc4 GetLastError 86130->86135 86142 41ecce 86130->86142 86131->86129 86131->86130 86133 41ea7d ReadFile 86132->86133 86138 41eafa 86132->86138 86134 41ea9b GetLastError 86133->86134 86141 41eaa5 86133->86141 86134->86132 86134->86141 86135->86131 86135->86142 86136 41ebbe MultiByteToWideChar 86136->86129 86137 41ebe2 GetLastError 86136->86137 86137->86114 86138->86129 86139 41eb75 86138->86139 86140 41eb68 86138->86140 86144 41eb32 86138->86144 86139->86144 86145 41ebac 86139->86145 86143 417f23 __wcsnicmp_l 67 API calls 86140->86143 86141->86132 86146 423462 __lseeki64_nolock 69 API calls 86141->86146 86142->86131 86147 423462 __lseeki64_nolock 69 API calls 86142->86147 86143->86129 86144->86136 86148 423462 __lseeki64_nolock 69 API calls 86145->86148 86146->86141 86147->86142 86149 41ebbb 86148->86149 86149->86136 86150->86033 86151->86045 86152->86034 86153->86041 86155->86044 86156->86041 86157->86053 86158->86052 86159->86045 86161 416fb6 __malloc_crt 67 API calls 86160->86161 86162 423615 86161->86162 86162->86062 86163->86059 86168 414cef GetSystemTimeAsFileTime __aulldiv 86165->86168 86167 4431ef 86167->85669 86168->86167 86169->85676 86171->85682 86177 4523e1 _wcscpy 86172->86177 86173 4151b0 81 API calls __fread_nolock 86173->86177 86174 44afdc GetSystemTimeAsFileTime 86174->86177 86175 452553 86175->85591 86175->85592 86176 41557c 105 API calls _fseek 86176->86177 86177->86173 86177->86174 86177->86175 86177->86176 86179 44b1b4 86178->86179 86180 44b1a6 86178->86180 86182 44b1ca 86179->86182 86183 414e06 138 API calls 86179->86183 86184 44b1c2 86179->86184 86181 414e06 138 API calls 86180->86181 86181->86179 86213 4352d1 81 API calls 2 library calls 86182->86213 86185 44b2c1 86183->86185 86184->85620 86185->86182 86187 44b2cf 86185->86187 86189 44b2dc 86187->86189 86192 414e94 __fcloseall 106 API calls 86187->86192 86188 44b20d 86190 44b211 86188->86190 86191 44b23b 86188->86191 86189->85620 86194 44b21e 86190->86194 86195 414e94 __fcloseall 106 API calls 86190->86195 86214 43526e 86191->86214 86192->86189 86197 414e94 __fcloseall 106 API calls 86194->86197 86201 44b22e 86194->86201 86195->86194 86196 44b242 86198 44b270 86196->86198 86199 44b248 86196->86199 86197->86201 86224 44b0af 111 API calls 86198->86224 86202 44b255 86199->86202 86204 414e94 __fcloseall 106 API calls 86199->86204 86201->85620 86205 44b265 86202->86205 86206 414e94 __fcloseall 106 API calls 86202->86206 86203 44b276 86225 43522c 86203->86225 86204->86202 86205->85620 86206->86205 86209 44b289 86211 44b299 86209->86211 86212 414e94 __fcloseall 106 API calls 86209->86212 86210 414e94 __fcloseall 106 API calls 86210->86209 86211->85620 86212->86211 86213->86188 86215 4138ba _malloc 67 API calls 86214->86215 86216 43527d 86215->86216 86217 4138ba _malloc 67 API calls 86216->86217 86218 43528d 86217->86218 86219 4138ba _malloc 67 API calls 86218->86219 86220 43529d 86219->86220 86221 43522c 67 API calls 86220->86221 86222 4352bc 86220->86222 86223 4352c8 86221->86223 86222->86196 86223->86196 86224->86203 86226 435241 86225->86226 86227 43523b 86225->86227 86229 413a88 __crtLCMapStringA_stat 67 API calls 86226->86229 86230 435254 86226->86230 86228 413a88 __crtLCMapStringA_stat 67 API calls 86227->86228 86228->86226 86229->86230 86231 435267 86230->86231 86232 413a88 __crtLCMapStringA_stat 67 API calls 86230->86232 86231->86209 86231->86210 86232->86231 86233->85498 86235 410148 SHGetDesktopFolder 86234->86235 86237 4101a3 _wcscpy 86234->86237 86236 41015a _wcscpy 86235->86236 86235->86237 86236->86237 86238 41018a SHGetPathFromIDListW 86236->86238 86237->85501 86238->86237 86239->85503 86241 40f5e0 152 API calls 86240->86241 86242 40f417 86241->86242 86243 42ca37 86242->86243 86245 40f42c 86242->86245 86246 42ca1f 86242->86246 86244 452574 140 API calls 86243->86244 86248 42ca50 86244->86248 86285 4037e0 139 API calls 7 library calls 86245->86285 86286 43717f 110 API calls _printf 86246->86286 86251 42ca76 86248->86251 86252 42ca54 86248->86252 86250 42ca2d 86250->86243 86255 41171a 75 API calls 86251->86255 86254 434fe1 106 API calls 86252->86254 86253 40f446 86253->85499 86256 42ca5e 86254->86256 86270 42cacc moneypunct 86255->86270 86287 43717f 110 API calls _printf 86256->86287 86258 42ccc3 86260 413a88 __crtLCMapStringA_stat 67 API calls 86258->86260 86259 42ca6c 86259->86251 86261 42cccd 86260->86261 86262 434fe1 106 API calls 86261->86262 86263 42ccda 86262->86263 86267 401b70 75 API calls 86267->86270 86270->86258 86270->86267 86271 402cc0 86270->86271 86279 4026a0 86270->86279 86288 445051 75 API calls _memcpy_s 86270->86288 86289 44c80c 87 API calls 3 library calls 86270->86289 86290 44b408 75 API calls 86270->86290 86272 402d71 86271->86272 86273 402cd2 _memcpy_s moneypunct 86271->86273 86275 41171a 75 API calls 86272->86275 86274 41171a 75 API calls 86273->86274 86276 402cd9 86274->86276 86275->86273 86277 41171a 75 API calls 86276->86277 86278 402cff 86276->86278 86277->86278 86278->86270 86280 4026af 86279->86280 86282 40276b 86279->86282 86281 41171a 75 API calls 86280->86281 86280->86282 86283 4026ee moneypunct 86280->86283 86281->86283 86282->86270 86283->86282 86284 41171a 75 API calls 86283->86284 86284->86283 86285->86253 86286->86250 86287->86259 86288->86270 86289->86270 86290->86270 86291->85510 86292->85511 84767 444343 84770 444326 84767->84770 84769 44434e WriteFile 84771 444340 84770->84771 84772 4442c7 84770->84772 84771->84769 84777 40e190 SetFilePointerEx 84772->84777 84774 4442e0 SetFilePointerEx 84778 40e190 SetFilePointerEx 84774->84778 84776 4442ff 84776->84769 84777->84774 84778->84776 86293 431914 86294 431920 86293->86294 86295 431928 86294->86295 86296 43193d 86294->86296 86557 45e62e 116 API calls 3 library calls 86295->86557 86558 47f2b4 174 API calls 86296->86558 86299 43194a 86306 4095b0 moneypunct 86299->86306 86559 45e62e 116 API calls 3 library calls 86299->86559 86301 409708 86302 4097af 86302->86301 86544 40d590 VariantClear 86302->86544 86305 4315b8 WaitForSingleObject 86305->86306 86308 4315d6 GetExitCodeProcess CloseHandle 86305->86308 86306->86301 86306->86302 86306->86305 86309 431623 Sleep 86306->86309 86315 40986e Sleep 86306->86315 86316 4098f1 TranslateMessage DispatchMessageW 86306->86316 86318 409894 86306->86318 86334 45e62e 116 API calls 86306->86334 86335 4319c9 VariantClear 86306->86335 86337 4092c0 VariantClear 86306->86337 86339 40b380 86306->86339 86363 409340 86306->86363 86396 409030 86306->86396 86410 40d300 86306->86410 86415 40d320 86306->86415 86421 409a40 86306->86421 86560 40e380 VariantClear moneypunct 86306->86560 86548 40d590 VariantClear 86308->86548 86312 43163b timeGetTime 86309->86312 86309->86318 86312->86318 86317 409880 timeGetTime 86315->86317 86315->86318 86316->86306 86317->86318 86318->86306 86319 431673 CloseHandle 86318->86319 86320 43170c GetExitCodeProcess CloseHandle 86318->86320 86322 46dd22 133 API calls 86318->86322 86324 46e641 134 API calls 86318->86324 86325 431781 Sleep 86318->86325 86330 40d590 VariantClear 86318->86330 86336 4092c0 VariantClear 86318->86336 86545 447e59 75 API calls 86318->86545 86546 453b07 77 API calls 86318->86546 86547 4646a2 76 API calls 86318->86547 86549 444233 88 API calls _wcslen 86318->86549 86550 457509 VariantClear 86318->86550 86551 404120 86318->86551 86555 4717e3 VariantClear 86318->86555 86556 436272 6 API calls 86318->86556 86319->86318 86320->86318 86322->86318 86324->86318 86325->86306 86330->86318 86334->86306 86335->86306 86336->86318 86337->86306 86340 40b3a5 86339->86340 86341 40b53d 86339->86341 86342 430a99 86340->86342 86348 40b3b6 86340->86348 86561 45e62e 116 API calls 3 library calls 86341->86561 86562 45e62e 116 API calls 3 library calls 86342->86562 86345 430aae 86350 4092c0 VariantClear 86345->86350 86346 40b528 86346->86306 86348->86345 86351 40b3f2 86348->86351 86362 40b4fd moneypunct 86348->86362 86349 430dc9 86349->86349 86350->86346 86352 40b429 86351->86352 86353 430ae9 VariantClear 86351->86353 86361 40b476 moneypunct 86351->86361 86356 40b43b moneypunct 86352->86356 86563 40e380 VariantClear moneypunct 86352->86563 86353->86356 86354 430d41 VariantClear 86354->86362 86355 40b4eb 86355->86362 86564 40e380 VariantClear moneypunct 86355->86564 86358 41171a 75 API calls 86356->86358 86356->86361 86358->86361 86360 430d08 moneypunct 86360->86354 86360->86362 86361->86355 86361->86360 86362->86346 86565 45e62e 116 API calls 3 library calls 86362->86565 86364 409386 86363->86364 86366 409395 86363->86366 86566 4042f0 75 API calls __cinit 86364->86566 86368 42fba9 86366->86368 86370 42fc07 86366->86370 86371 42fc85 86366->86371 86375 42fd4f 86366->86375 86376 42fcd8 86366->86376 86378 42fd39 86366->86378 86384 40946f 86366->86384 86385 4094c1 86366->86385 86388 40947b 86366->86388 86392 4092c0 VariantClear 86366->86392 86395 409484 moneypunct 86366->86395 86569 453155 75 API calls 86366->86569 86571 40c620 118 API calls 86366->86571 86573 45e62e 116 API calls 3 library calls 86366->86573 86570 45e62e 116 API calls 3 library calls 86368->86570 86572 45e62e 116 API calls 3 library calls 86370->86572 86574 4781ae 140 API calls 86371->86574 86379 4092c0 VariantClear 86375->86379 86576 47f2b4 174 API calls 86376->86576 86377 42fc9c 86377->86395 86575 45e62e 116 API calls 3 library calls 86377->86575 86578 45e62e 116 API calls 3 library calls 86378->86578 86379->86395 86382 42fce9 86382->86395 86577 45e62e 116 API calls 3 library calls 86382->86577 86567 409210 VariantClear 86384->86567 86385->86395 86568 404260 76 API calls 86385->86568 86390 4092c0 VariantClear 86388->86390 86390->86395 86392->86366 86393 4094e1 86394 4092c0 VariantClear 86393->86394 86394->86395 86395->86306 86579 409110 117 API calls 86396->86579 86398 42ceb6 86589 410ae0 VariantClear moneypunct 86398->86589 86400 40906e 86400->86398 86402 42cea9 86400->86402 86404 4090a4 86400->86404 86401 42cebf 86588 45e62e 116 API calls 3 library calls 86402->86588 86580 404160 86404->86580 86407 4090f0 moneypunct 86407->86306 86408 4092c0 VariantClear 86409 4090be moneypunct 86408->86409 86409->86407 86409->86408 86411 4292e3 86410->86411 86412 40d30c 86410->86412 86413 429323 86411->86413 86414 4292fd TranslateAcceleratorW 86411->86414 86412->86306 86413->86306 86414->86412 86416 4296d0 86415->86416 86419 40d32f 86415->86419 86416->86306 86417 40d33c 86417->86306 86418 42972a IsDialogMessageW 86418->86417 86418->86419 86419->86417 86419->86418 86724 4340ec GetClassLongW 86419->86724 86422 409a66 _wcslen 86421->86422 86423 40aade _memcpy_s moneypunct 86422->86423 86424 41171a 75 API calls 86422->86424 86726 401380 75 API calls 86423->86726 86425 409a9c _memcpy_s 86424->86425 86427 41171a 75 API calls 86425->86427 86428 409abd 86427->86428 86428->86423 86430 409aeb CharUpperBuffW 86428->86430 86435 409b09 moneypunct 86428->86435 86429 42cee9 86431 41171a 75 API calls 86429->86431 86430->86435 86432 42cf10 _memcpy_s 86431->86432 86758 45e62e 116 API calls 3 library calls 86432->86758 86484 409b88 moneypunct 86435->86484 86727 47d10e 150 API calls 86435->86727 86436 4092c0 VariantClear 86437 42e5e0 86436->86437 86759 410ae0 VariantClear moneypunct 86437->86759 86439 42e5f2 86440 409e4a 86440->86432 86441 409ea4 86440->86441 86442 41171a 75 API calls 86440->86442 86446 409ed0 86441->86446 86448 41171a 75 API calls 86441->86448 86442->86441 86443 41171a 75 API calls 86443->86484 86444 40aa5b 86445 41171a 75 API calls 86444->86445 86464 40aa81 _memcpy_s moneypunct 86445->86464 86449 42d50d 86446->86449 86508 409ef8 _memcpy_s moneypunct 86446->86508 86737 40b800 VariantClear VariantClear moneypunct 86446->86737 86450 42d480 86448->86450 86455 42d527 86449->86455 86738 40b800 VariantClear VariantClear moneypunct 86449->86738 86454 42d491 86450->86454 86733 44b3f6 75 API calls 86450->86733 86451 42d195 VariantClear 86451->86484 86452 40a3a7 86456 40a415 86452->86456 86505 42db5c 86452->86505 86734 40df50 75 API calls 86454->86734 86455->86508 86739 40e2e0 VariantClear moneypunct 86455->86739 86460 41171a 75 API calls 86456->86460 86457 4092c0 VariantClear 86457->86484 86476 40a41c 86460->86476 86470 41171a 75 API calls 86464->86470 86466 42d4a6 86735 4530b3 75 API calls 86466->86735 86468 42db96 86745 45e62e 116 API calls 3 library calls 86468->86745 86470->86423 86472 42d128 86474 4092c0 VariantClear 86472->86474 86473 42d4d7 86736 4530b3 75 API calls 86473->86736 86478 42d131 86474->86478 86475 42d20c 86475->86306 86488 40a481 86476->86488 86746 40c8a0 VariantClear moneypunct 86476->86746 86730 410ae0 VariantClear moneypunct 86478->86730 86483 44b3f6 75 API calls 86483->86508 86484->86432 86484->86440 86484->86443 86484->86444 86484->86451 86484->86457 86484->86464 86484->86472 86484->86475 86487 42dbb9 86484->86487 86728 40c3e0 75 API calls 86484->86728 86729 40c620 118 API calls 86484->86729 86731 40be00 75 API calls 2 library calls 86484->86731 86732 40e380 VariantClear moneypunct 86484->86732 86486 4092c0 VariantClear 86517 40a534 _memcpy_s moneypunct 86486->86517 86487->86436 86489 40a4ed 86488->86489 86492 42dc1e VariantClear 86488->86492 86488->86517 86496 40a4ff moneypunct 86489->86496 86747 40e380 VariantClear moneypunct 86489->86747 86490 402cc0 75 API calls 86490->86508 86491 41171a 75 API calls 86491->86508 86492->86496 86495 41171a 75 API calls 86495->86517 86496->86495 86496->86517 86500 42deb6 VariantClear 86500->86517 86501 411421 74 API calls __cinit 86501->86508 86502 40a73c 86504 42e237 86502->86504 86512 40a76b 86502->86512 86503 40e380 VariantClear 86503->86517 86751 46e709 VariantClear VariantClear moneypunct 86504->86751 86744 4721e5 VariantClear 86505->86744 86506 42dfe9 VariantClear 86506->86517 86507 42df47 VariantClear 86507->86517 86508->86423 86508->86452 86508->86468 86508->86483 86508->86490 86508->86491 86508->86501 86508->86505 86511 40a053 86508->86511 86740 45ee98 75 API calls 86508->86740 86741 4019e0 76 API calls 86508->86741 86742 404260 76 API calls 86508->86742 86743 409210 VariantClear 86508->86743 86509 40a7a2 86522 40a7ad moneypunct 86509->86522 86752 40b800 VariantClear VariantClear moneypunct 86509->86752 86511->86306 86512->86509 86537 40a800 moneypunct 86512->86537 86725 40b800 VariantClear VariantClear moneypunct 86512->86725 86515 41171a 75 API calls 86515->86517 86516 41171a 75 API calls 86521 42dd10 VariantInit VariantCopy 86516->86521 86517->86486 86517->86500 86517->86502 86517->86503 86517->86504 86517->86506 86517->86507 86517->86515 86517->86516 86748 46e9cd 75 API calls 86517->86748 86749 409210 VariantClear 86517->86749 86750 44cc6c VariantClear moneypunct 86517->86750 86518 40a8b0 86528 40a8c2 moneypunct 86518->86528 86754 40e380 VariantClear moneypunct 86518->86754 86519 42e312 86520 42e337 VariantClear 86519->86520 86519->86528 86520->86528 86521->86517 86523 42dd30 VariantClear 86521->86523 86524 40a7ee 86522->86524 86529 42e2a7 VariantClear 86522->86529 86522->86537 86523->86517 86524->86537 86753 40e380 VariantClear moneypunct 86524->86753 86526 42e3b2 86531 42e3da VariantClear 86526->86531 86535 40a91a moneypunct 86526->86535 86528->86526 86530 40a908 86528->86530 86529->86537 86530->86535 86755 40e380 VariantClear moneypunct 86530->86755 86531->86535 86532 42e47f 86538 42e4a3 VariantClear 86532->86538 86543 40a957 moneypunct 86532->86543 86535->86532 86536 40a945 86535->86536 86536->86543 86756 40e380 VariantClear moneypunct 86536->86756 86537->86518 86537->86519 86538->86543 86540 40aa22 moneypunct 86540->86306 86541 42e559 VariantClear 86541->86543 86543->86540 86543->86541 86757 40e380 VariantClear moneypunct 86543->86757 86544->86301 86545->86318 86546->86318 86547->86318 86548->86318 86549->86318 86550->86318 86552 40412e 86551->86552 86553 4092c0 VariantClear 86552->86553 86554 404138 86553->86554 86554->86325 86555->86318 86556->86318 86557->86306 86558->86299 86559->86306 86560->86306 86561->86342 86562->86345 86563->86356 86564->86362 86565->86349 86566->86366 86567->86388 86568->86393 86569->86366 86570->86395 86571->86366 86572->86395 86573->86366 86574->86377 86575->86395 86576->86382 86577->86395 86578->86375 86579->86400 86581 4092c0 VariantClear 86580->86581 86582 40416e 86581->86582 86583 404120 VariantClear 86582->86583 86584 40419b 86583->86584 86590 4734b7 86584->86590 86634 40efe0 86584->86634 86585 4041c6 86585->86398 86585->86409 86588->86398 86589->86401 86591 453063 111 API calls 86590->86591 86592 4734d7 86591->86592 86593 473545 86592->86593 86594 47350c 86592->86594 86642 463c42 86593->86642 86596 4092c0 VariantClear 86594->86596 86601 473514 86596->86601 86597 473558 86598 47355c 86597->86598 86614 473595 86597->86614 86599 4092c0 VariantClear 86598->86599 86609 473564 86599->86609 86600 473616 86655 463d7e 86600->86655 86601->86585 86603 453063 111 API calls 86603->86614 86604 473622 86605 473697 86604->86605 86606 47362c 86604->86606 86689 457838 86605->86689 86610 4092c0 VariantClear 86606->86610 86609->86585 86612 473634 86610->86612 86612->86585 86613 473655 86616 4092c0 VariantClear 86613->86616 86614->86600 86614->86603 86614->86613 86701 462f5a 87 API calls __wcsicoll 86614->86701 86627 47365d 86616->86627 86618 4736b0 86702 45e62e 116 API calls 3 library calls 86618->86702 86619 4736c9 86703 40e7e0 76 API calls 86619->86703 86622 4736ba GetCurrentProcess TerminateProcess 86622->86619 86623 4736db 86632 4736ff 86623->86632 86704 40d030 76 API calls 86623->86704 86625 473731 86630 473744 FreeLibrary 86625->86630 86631 47374b 86625->86631 86626 4736f1 86705 46b945 134 API calls 2 library calls 86626->86705 86627->86585 86630->86631 86631->86585 86632->86625 86706 40d030 76 API calls 86632->86706 86707 46b945 134 API calls 2 library calls 86632->86707 86635 40eff5 CreateFileW 86634->86635 86636 4299bf 86634->86636 86638 40f017 86635->86638 86637 4299c4 CreateFileW 86636->86637 86636->86638 86637->86638 86639 4299ea 86637->86639 86638->86585 86723 40e0d0 SetFilePointerEx SetFilePointerEx 86639->86723 86641 4299f5 86641->86638 86708 45335b 76 API calls 86642->86708 86644 463c5d 86709 442c52 80 API calls _wcslen 86644->86709 86646 463c72 86648 40c060 75 API calls 86646->86648 86654 463cac 86646->86654 86649 463c8e 86648->86649 86710 4608ce 75 API calls _memcpy_s 86649->86710 86651 463ca4 86652 40c740 75 API calls 86651->86652 86652->86654 86653 463cf7 86653->86597 86654->86653 86711 462f5a 87 API calls __wcsicoll 86654->86711 86656 453063 111 API calls 86655->86656 86657 463d99 86656->86657 86658 463de0 86657->86658 86659 463dca 86657->86659 86713 40c760 78 API calls 86658->86713 86712 453081 111 API calls 86659->86712 86662 463de7 86668 463e19 86662->86668 86714 40c760 78 API calls 86662->86714 86663 463dd0 LoadLibraryW 86664 463e09 86663->86664 86666 463e3e 86664->86666 86664->86668 86669 463e4e 86666->86669 86670 463e7b 86666->86670 86667 463dfb 86667->86668 86715 40c760 78 API calls 86667->86715 86668->86604 86716 40d500 75 API calls 86669->86716 86718 40c760 78 API calls 86670->86718 86674 463e57 86717 45efe7 77 API calls moneypunct 86674->86717 86675 463e82 GetProcAddress 86678 463e90 86675->86678 86677 463e62 GetProcAddress 86680 463e79 86677->86680 86678->86668 86679 463edf 86678->86679 86678->86680 86679->86668 86683 463eef FreeLibrary 86679->86683 86680->86678 86719 403470 75 API calls _memcpy_s 86680->86719 86682 463eb4 86720 40d500 75 API calls 86682->86720 86683->86668 86685 463ebd 86721 45efe7 77 API calls moneypunct 86685->86721 86687 463ec8 GetProcAddress 86722 401330 moneypunct 86687->86722 86690 457a4c 86689->86690 86693 45785f _strcat moneypunct _wcslen _wcscpy 86689->86693 86697 410d40 86690->86697 86691 443576 78 API calls 86691->86693 86692 40c760 78 API calls 86692->86693 86693->86690 86693->86691 86693->86692 86694 4138ba 67 API calls _malloc 86693->86694 86695 453081 111 API calls 86693->86695 86696 40f580 77 API calls 86693->86696 86694->86693 86695->86693 86696->86693 86699 410d55 86697->86699 86698 410ded VirtualProtect 86700 410dbb 86698->86700 86699->86698 86699->86700 86700->86618 86700->86619 86701->86614 86702->86622 86703->86623 86704->86626 86705->86632 86706->86632 86707->86632 86708->86644 86709->86646 86710->86651 86711->86653 86712->86663 86713->86662 86714->86667 86715->86664 86716->86674 86717->86677 86718->86675 86719->86682 86720->86685 86721->86687 86722->86679 86723->86641 86724->86419 86725->86509 86726->86429 86727->86435 86728->86484 86729->86484 86730->86540 86731->86484 86732->86484 86733->86454 86734->86466 86735->86473 86736->86446 86737->86449 86738->86455 86739->86508 86740->86508 86741->86508 86742->86508 86743->86508 86744->86468 86745->86487 86746->86476 86747->86496 86748->86517 86749->86517 86750->86517 86751->86509 86752->86522 86753->86537 86754->86528 86755->86535 86756->86543 86757->86543 86758->86487 86759->86439 84779 3f133b8 84793 3f11008 84779->84793 84781 3f13479 84796 3f132a8 84781->84796 84783 3f134a2 CreateFileW 84785 3f134f1 84783->84785 84786 3f134f6 84783->84786 84786->84785 84787 3f1350d VirtualAlloc 84786->84787 84787->84785 84788 3f1352b ReadFile 84787->84788 84788->84785 84789 3f13546 84788->84789 84790 3f122a8 13 API calls 84789->84790 84791 3f13579 84790->84791 84792 3f1359c ExitProcess 84791->84792 84792->84785 84795 3f11693 84793->84795 84799 3f144a8 GetPEB 84793->84799 84795->84781 84797 3f132b1 Sleep 84796->84797 84798 3f132bf 84797->84798 84799->84795 84800 46d22f 84803 46d098 84800->84803 84802 46d241 84804 46d0b5 84803->84804 84805 46d115 84804->84805 84806 46d0b9 84804->84806 84874 45c216 78 API calls 84805->84874 84851 41171a 84806->84851 84810 46d126 84812 46d0f8 84810->84812 84818 46d142 84810->84818 84811 46d0cc 84864 453063 84811->84864 84870 4092c0 84812->84870 84816 46d0fd 84816->84802 84819 46d1c8 84818->84819 84821 46d158 84818->84821 84880 4676a3 78 API calls 84819->84880 84824 453063 111 API calls 84821->84824 84822 46d0ea 84822->84818 84825 46d0ee 84822->84825 84827 46d15e 84824->84827 84825->84812 84869 44ade5 CloseHandle moneypunct 84825->84869 84826 46d1ce 84881 4444c2 SetFilePointerEx SetFilePointerEx WriteFile 84826->84881 84828 46d18d 84827->84828 84830 46d196 84827->84830 84875 467fce 82 API calls 84828->84875 84876 4013a0 75 API calls 84830->84876 84834 46d1a2 84877 40df50 75 API calls 84834->84877 84835 46d1e7 84837 4092c0 VariantClear 84835->84837 84845 46d194 84835->84845 84837->84845 84838 46d1ac 84878 40d3b0 75 API calls 2 library calls 84838->84878 84840 46d224 84840->84802 84841 46d1b8 84879 467fce 82 API calls 84841->84879 84844 46d216 84882 44ade5 CloseHandle moneypunct 84844->84882 84845->84840 84847 40d900 84845->84847 84848 40d917 84847->84848 84849 40d909 84847->84849 84848->84849 84850 40d91c CloseHandle 84848->84850 84849->84844 84850->84844 84853 411724 84851->84853 84854 41173e 84853->84854 84858 411740 std::bad_alloc::bad_alloc 84853->84858 84883 4138ba 84853->84883 84901 411afc 6 API calls __decode_pointer 84853->84901 84854->84811 84863 40d940 76 API calls 84854->84863 84857 411770 84906 41805b RaiseException 84857->84906 84861 411766 84858->84861 84902 411421 84858->84902 84905 4116fd 67 API calls std::exception::exception 84861->84905 84862 41177e 84863->84811 84865 45306e 84864->84865 84866 45307a 84864->84866 84865->84866 85044 452e2a 111 API calls 5 library calls 84865->85044 84868 40dfa0 83 API calls 84866->84868 84868->84822 84869->84812 84871 4092c8 moneypunct 84870->84871 84872 429db0 VariantClear 84871->84872 84873 4092d5 moneypunct 84871->84873 84872->84873 84873->84816 84874->84810 84875->84845 84876->84834 84877->84838 84878->84841 84879->84845 84880->84826 84881->84835 84882->84840 84884 41396d 84883->84884 84894 4138cc 84883->84894 84914 411afc 6 API calls __decode_pointer 84884->84914 84886 413973 84915 417f23 67 API calls __getptd_noexit 84886->84915 84891 4138dd 84891->84894 84907 418252 67 API calls 2 library calls 84891->84907 84908 4180a7 67 API calls 7 library calls 84891->84908 84909 411803 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 84891->84909 84892 413929 RtlAllocateHeap 84892->84894 84894->84891 84894->84892 84895 413959 84894->84895 84898 41395e 84894->84898 84900 413965 84894->84900 84910 41386b 67 API calls 4 library calls 84894->84910 84911 411afc 6 API calls __decode_pointer 84894->84911 84912 417f23 67 API calls __getptd_noexit 84895->84912 84913 417f23 67 API calls __getptd_noexit 84898->84913 84900->84853 84901->84853 84916 4113e5 84902->84916 84904 41142e 84904->84861 84905->84857 84906->84862 84907->84891 84908->84891 84910->84894 84911->84894 84912->84898 84913->84900 84914->84886 84915->84900 84917 4113f1 __fcloseall 84916->84917 84924 41181b 84917->84924 84923 411412 __fcloseall 84923->84904 84950 418407 84924->84950 84926 4113f6 84927 4112fa 84926->84927 85015 4169e9 TlsGetValue 84927->85015 84930 4169e9 __decode_pointer 6 API calls 84931 41131e 84930->84931 84942 4113a1 84931->84942 85025 4170e7 68 API calls 5 library calls 84931->85025 84933 41133c 84936 411357 84933->84936 84937 411366 84933->84937 84946 411388 84933->84946 84934 41696e __encode_pointer 6 API calls 84935 411396 84934->84935 84940 41696e __encode_pointer 6 API calls 84935->84940 85026 417047 73 API calls _realloc 84936->85026 84939 411360 84937->84939 84937->84942 84939->84937 84943 41137c 84939->84943 85027 417047 73 API calls _realloc 84939->85027 84940->84942 84947 41141b 84942->84947 85028 41696e TlsGetValue 84943->85028 84944 411376 84944->84942 84944->84943 84946->84934 85040 411824 84947->85040 84951 41841c 84950->84951 84952 41842f EnterCriticalSection 84950->84952 84957 418344 84951->84957 84952->84926 84954 418422 84954->84952 84985 4117af 67 API calls 3 library calls 84954->84985 84956 41842e 84956->84952 84958 418350 __fcloseall 84957->84958 84959 418360 84958->84959 84960 418378 84958->84960 84986 418252 67 API calls 2 library calls 84959->84986 84966 418386 __fcloseall 84960->84966 84989 416fb6 84960->84989 84962 418365 84987 4180a7 67 API calls 7 library calls 84962->84987 84966->84954 84967 41836c 84988 411803 GetModuleHandleW GetProcAddress ExitProcess ___crtCorExitProcess 84967->84988 84968 4183a7 84970 418407 __lock 67 API calls 84968->84970 84969 418398 84995 417f23 67 API calls __getptd_noexit 84969->84995 84973 4183ae 84970->84973 84975 4183e2 84973->84975 84976 4183b6 84973->84976 84978 413a88 __crtLCMapStringA_stat 67 API calls 84975->84978 84996 4189e6 InitializeCriticalSectionAndSpinCount __fcloseall 84976->84996 84980 4183d3 84978->84980 84979 4183c1 84979->84980 84997 413a88 84979->84997 85011 4183fe LeaveCriticalSection _doexit 84980->85011 84983 4183cd 85010 417f23 67 API calls __getptd_noexit 84983->85010 84985->84956 84986->84962 84987->84967 84992 416fbf 84989->84992 84990 4138ba _malloc 66 API calls 84990->84992 84991 416ff5 84991->84968 84991->84969 84992->84990 84992->84991 84993 416fd6 Sleep 84992->84993 84994 416feb 84993->84994 84994->84991 84994->84992 84995->84966 84996->84979 84999 413a94 __fcloseall 84997->84999 84998 413b0d __fcloseall __dosmaperr 84998->84983 84999->84998 85000 418407 __lock 65 API calls 84999->85000 85009 413ad3 84999->85009 85006 413aab ___sbh_find_block 85000->85006 85001 413ae8 RtlFreeHeap 85001->84998 85002 413afa 85001->85002 85014 417f23 67 API calls __getptd_noexit 85002->85014 85004 413aff GetLastError 85004->84998 85005 413ac5 85013 413ade LeaveCriticalSection _doexit 85005->85013 85006->85005 85012 419f9d __VEC_memcpy VirtualFree VirtualFree HeapFree __cftoe2_l 85006->85012 85009->84998 85009->85001 85010->84980 85011->84966 85012->85005 85013->85009 85014->85004 85016 416a01 85015->85016 85017 416a22 GetModuleHandleW 85015->85017 85016->85017 85018 416a0b TlsGetValue 85016->85018 85019 416a32 85017->85019 85020 416a3d GetProcAddress 85017->85020 85023 416a16 85018->85023 85038 41177f Sleep GetModuleHandleW 85019->85038 85022 41130e 85020->85022 85022->84930 85023->85017 85023->85022 85024 416a38 85024->85020 85024->85022 85025->84933 85026->84939 85027->84944 85029 4169a7 GetModuleHandleW 85028->85029 85030 416986 85028->85030 85032 4169c2 GetProcAddress 85029->85032 85033 4169b7 85029->85033 85030->85029 85031 416990 TlsGetValue 85030->85031 85036 41699b 85031->85036 85035 41699f 85032->85035 85039 41177f Sleep GetModuleHandleW 85033->85039 85035->84946 85036->85029 85036->85035 85037 4169bd 85037->85032 85037->85035 85038->85024 85039->85037 85043 41832d LeaveCriticalSection 85040->85043 85042 411420 85042->84923 85043->85042 85044->84866 86760 42919b 86765 40ef10 86760->86765 86763 411421 __cinit 74 API calls 86764 4291aa 86763->86764 86766 41171a 75 API calls 86765->86766 86767 40ef17 86766->86767 86768 42ad48 86767->86768 86773 40ef40 74 API calls __cinit 86767->86773 86770 40ef2a 86774 40e470 86770->86774 86773->86770 86775 40c060 75 API calls 86774->86775 86776 40e483 GetVersionExW 86775->86776 86777 4021e0 75 API calls 86776->86777 86778 40e4bb 86777->86778 86800 40e600 86778->86800 86784 42accc 86786 42ad28 GetSystemInfo 86784->86786 86790 42ad38 GetSystemInfo 86786->86790 86787 40e557 GetCurrentProcess 86820 40ee30 LoadLibraryA GetProcAddress 86787->86820 86788 40e56c 86788->86790 86813 40eee0 86788->86813 86793 40e5c9 86817 40eea0 86793->86817 86796 40e5e0 86798 40e5f1 FreeLibrary 86796->86798 86799 40e5f4 86796->86799 86797 40e5dd FreeLibrary 86797->86796 86798->86799 86799->86763 86801 40e60b 86800->86801 86802 40c740 75 API calls 86801->86802 86803 40e4c2 86802->86803 86804 40e620 86803->86804 86805 40e62a 86804->86805 86806 42ac93 86805->86806 86807 40c740 75 API calls 86805->86807 86808 40e4ce 86807->86808 86808->86784 86809 40ee70 86808->86809 86810 40e551 86809->86810 86811 40ee76 LoadLibraryA 86809->86811 86810->86787 86810->86788 86811->86810 86812 40ee87 GetProcAddress 86811->86812 86812->86810 86814 40e5bf 86813->86814 86815 40eee6 LoadLibraryA 86813->86815 86814->86786 86814->86793 86815->86814 86816 40eef7 GetProcAddress 86815->86816 86816->86814 86821 40eec0 LoadLibraryA GetProcAddress 86817->86821 86819 40e5d3 GetNativeSystemInfo 86819->86796 86819->86797 86820->86788 86821->86819 86822 42e89e 86829 40c000 86822->86829 86824 42e8ac 86825 409a40 165 API calls 86824->86825 86826 42e8ca 86825->86826 86840 44b92e VariantClear 86826->86840 86828 42f3ae 86830 40c014 86829->86830 86831 40c007 86829->86831 86833 40c01a 86830->86833 86834 40c02c 86830->86834 86841 409210 VariantClear 86831->86841 86842 409210 VariantClear 86833->86842 86837 41171a 75 API calls 86834->86837 86835 40c00f 86835->86824 86839 40c033 86837->86839 86838 40c023 86838->86824 86839->86824 86840->86828 86841->86835 86842->86838 85045 40116e 85046 401119 DefWindowProcW 85045->85046
                        APIs
                        • _wcslen.LIBCMT ref: 00409A61
                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                          • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                          • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                          • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                        • CharUpperBuffW.USER32(?,?), ref: 00409AF5
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: BuffCharException@8ThrowUpper_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                        • String ID: 0vH$4RH
                        • API String ID: 1143807570-2085553193
                        • Opcode ID: 871ee0cf3e7049cfc52ffc1c0c6a20d390630c46fc92d40781a439c75a0ca281
                        • Instruction ID: 7c8f52bff4b3ea9a641e6aac08ab5e1c8beb32691f0f21fab5f23224d73a3634
                        • Opcode Fuzzy Hash: 871ee0cf3e7049cfc52ffc1c0c6a20d390630c46fc92d40781a439c75a0ca281
                        • Instruction Fuzzy Hash: 34238170A043109FD724DF25D480A6BB7E1BF89304F54896EE84A9B391D739EC46CB9B

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1204 40e470-40e500 call 40c060 GetVersionExW call 4021e0 call 40e600 call 40e620 1213 40e506-40e509 1204->1213 1214 42accc-42acd1 1204->1214 1217 40e540-40e555 call 40ee70 1213->1217 1218 40e50b-40e51c 1213->1218 1215 42acd3-42acdb 1214->1215 1216 42acdd-42ace0 1214->1216 1220 42ad12-42ad20 1215->1220 1221 42ace2-42aceb 1216->1221 1222 42aced-42acf0 1216->1222 1231 40e557-40e573 GetCurrentProcess call 40ee30 1217->1231 1232 40e579-40e5a8 1217->1232 1223 40e522-40e525 1218->1223 1224 42ac9b-42aca7 1218->1224 1230 42ad28-42ad2d GetSystemInfo 1220->1230 1221->1220 1222->1220 1228 42acf2-42ad06 1222->1228 1223->1217 1229 40e527-40e537 1223->1229 1226 42acb2-42acba 1224->1226 1227 42aca9-42acad 1224->1227 1226->1217 1227->1217 1233 42ad08-42ad0c 1228->1233 1234 42ad0e 1228->1234 1235 42acbf-42acc7 1229->1235 1236 40e53d 1229->1236 1238 42ad38-42ad3d GetSystemInfo 1230->1238 1231->1232 1245 40e575 1231->1245 1232->1238 1239 40e5ae-40e5c3 call 40eee0 1232->1239 1233->1220 1234->1220 1235->1217 1236->1217 1239->1230 1244 40e5c9-40e5db call 40eea0 GetNativeSystemInfo 1239->1244 1248 40e5e0-40e5ef 1244->1248 1249 40e5dd-40e5de FreeLibrary 1244->1249 1245->1232 1250 40e5f1-40e5f2 FreeLibrary 1248->1250 1251 40e5f4-40e5ff 1248->1251 1249->1248 1250->1251
                        APIs
                        • GetVersionExW.KERNEL32 ref: 0040E495
                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                        • GetCurrentProcess.KERNEL32(?,?), ref: 0040E560
                        • GetNativeSystemInfo.KERNELBASE(?,?), ref: 0040E5D3
                        • FreeLibrary.KERNEL32(?), ref: 0040E5DE
                        • FreeLibrary.KERNEL32(?), ref: 0040E5F2
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_wcslen
                        • String ID: pMH
                        • API String ID: 2923339712-2522892712
                        • Opcode ID: 3f36deb7b7369dd68d3c05326faf84e57561e58110467ef3184d2bc56fc1d5cf
                        • Instruction ID: 31d199e0849a18b4fe3a20375a839c17b1fda7a8e5a404adfed2e153d323e8b3
                        • Opcode Fuzzy Hash: 3f36deb7b7369dd68d3c05326faf84e57561e58110467ef3184d2bc56fc1d5cf
                        • Instruction Fuzzy Hash: D4612E71508792AEC311CB69C44425ABFE07B6A308F580E6EE48483A42D379E568C7AB
                        APIs
                        • LoadLibraryA.KERNELBASE(uxtheme.dll,0040EB55,0040D86E), ref: 0040EB7B
                        • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EB8D
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: AddressLibraryLoadProc
                        • String ID: IsThemeActive$uxtheme.dll
                        • API String ID: 2574300362-3542929980
                        • Opcode ID: 9e55e894ab04f38af4b02d6559f2dae0f2ca0bab174211e780b997e8b6ae5f43
                        • Instruction ID: e8120cabfd18d8fe06d2f96d8b82b2b5a4bcadd10797c678d2963416b1e4c3b8
                        • Opcode Fuzzy Hash: 9e55e894ab04f38af4b02d6559f2dae0f2ca0bab174211e780b997e8b6ae5f43
                        • Instruction Fuzzy Hash: 05D0C9B49407039AD7306F72C918B0A7BE4AB50342F204C3EF996A1694DBBCD0508B28

                        Control-flow Graph

                        APIs
                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 00410C44
                        • __wsplitpath.LIBCMT ref: 00410C61
                          • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                        • _wcsncat.LIBCMT ref: 00410C78
                        • __wmakepath.LIBCMT ref: 00410C94
                          • Part of subcall function 00413E3C: __wmakepath_s.LIBCMT ref: 00413E52
                          • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                          • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                          • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                        • _wcscpy.LIBCMT ref: 00410CCC
                        • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00020019,?), ref: 00410CE9
                        • RegQueryValueExW.ADVAPI32 ref: 00429BE4
                        • _wcscat.LIBCMT ref: 00429C43
                        • _wcslen.LIBCMT ref: 00429C55
                        • _wcslen.LIBCMT ref: 00429C66
                        • _wcscat.LIBCMT ref: 00429C80
                        • _wcsncpy.LIBCMT ref: 00429CC0
                        • RegCloseKey.ADVAPI32(?), ref: 00429CDE
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _wcscat_wcslen$CloseException@8FileModuleNameOpenQueryThrowValue__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpystd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                        • String ID: Include$Software\AutoIt v3\AutoIt$\
                        • API String ID: 1004883554-2276155026
                        • Opcode ID: d7f6643cad26fd3001d91627fc5ef1af4f656d40d4c5ca14c02d7ab544e78cf5
                        • Instruction ID: ef4714a7fd58501e566ba693257e1f196c1b97611c18bc9c35ab262cfa7686fb
                        • Opcode Fuzzy Hash: d7f6643cad26fd3001d91627fc5ef1af4f656d40d4c5ca14c02d7ab544e78cf5
                        • Instruction Fuzzy Hash: B961B3B1508340DFC300EF65EC8599BBBE8FB99704F44882EF544C3261EBB59948CB5A
                        APIs
                          • Part of subcall function 00409A40: _wcslen.LIBCMT ref: 00409A61
                          • Part of subcall function 00409A40: CharUpperBuffW.USER32(?,?), ref: 00409AF5
                        • Sleep.KERNEL32(0000000A), ref: 00409870
                        • timeGetTime.WINMM ref: 00409880
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: BuffCharSleepTimeUpper_wcslentime
                        • String ID:
                        • API String ID: 3219444185-0
                        • Opcode ID: b124ae733e2c30a8df030179fd7ebda2966fc041c6879d6beed06594e2dda547
                        • Instruction ID: 79dfb759edd1749a95aa3438e3198289cebfc990e9c1b7da565b255c5aac8c6d
                        • Opcode Fuzzy Hash: b124ae733e2c30a8df030179fd7ebda2966fc041c6879d6beed06594e2dda547
                        • Instruction Fuzzy Hash: D422F171608342ABC724DF64C984BABB7A0BF89304F14492FE54997392D77CEC45CB9A

                        Control-flow Graph

                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __fread_nolock$_fseek_wcscpy
                        • String ID: FILE
                        • API String ID: 3888824918-3121273764
                        • Opcode ID: e8200e6015bbe3313da03f0c122791b2111f624a8fcd35516e511649d5e709ac
                        • Instruction ID: c0f9aeb359a44d31a21a8716142a7f32772eb03c7b5129f1ec28ea3a2d041f76
                        • Opcode Fuzzy Hash: e8200e6015bbe3313da03f0c122791b2111f624a8fcd35516e511649d5e709ac
                        • Instruction Fuzzy Hash: D541EFB1504300BBD310EB55CC81FEB73A9AFC8718F54491EFA8457181F679E644C7AA

                        Control-flow Graph

                        APIs
                        • GetSysColorBrush.USER32 ref: 00410326
                        • RegisterClassExW.USER32 ref: 00410359
                        • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,?), ref: 0041036A
                        • InitCommonControlsEx.COMCTL32(0000000F,?,?,?,?,?,?), ref: 0041038A
                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,?,?,?,?,?), ref: 0041039A
                        • LoadIconW.USER32(00400000,000000A9), ref: 004103B1
                        • ImageList_ReplaceIcon.COMCTL32(00CBEE00,000000FF,00000000,?,?,?,?,?,?), ref: 004103C1
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                        • API String ID: 2914291525-1005189915
                        • Opcode ID: b078764552fc12f322907e2d646497bc841117f43cad8f480623bc49e689b681
                        • Instruction ID: c8c51aded5b6d43d10953d3ded2c15c159303f3bf9a059b11759766ceadcbce4
                        • Opcode Fuzzy Hash: b078764552fc12f322907e2d646497bc841117f43cad8f480623bc49e689b681
                        • Instruction Fuzzy Hash: 9F2129B4518301AFD340DF64D888B4EBFF4FB89704F008A2EF685962A0E7B58144CF5A

                        Control-flow Graph

                        APIs
                        • GetSysColorBrush.USER32(0000000F), ref: 004101F9
                        • LoadCursorW.USER32(00000000,00007F00), ref: 00410209
                        • LoadIconW.USER32(?,00000063), ref: 0041021F
                        • LoadIconW.USER32(?,000000A4), ref: 00410232
                        • LoadIconW.USER32(?,000000A2), ref: 00410245
                        • LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041026A
                        • RegisterClassExW.USER32 ref: 004102C6
                          • Part of subcall function 004102F0: GetSysColorBrush.USER32 ref: 00410326
                          • Part of subcall function 004102F0: RegisterClassExW.USER32 ref: 00410359
                          • Part of subcall function 004102F0: RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,?), ref: 0041036A
                          • Part of subcall function 004102F0: InitCommonControlsEx.COMCTL32(0000000F,?,?,?,?,?,?), ref: 0041038A
                          • Part of subcall function 004102F0: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,?,?,?,?,?), ref: 0041039A
                          • Part of subcall function 004102F0: LoadIconW.USER32(00400000,000000A9), ref: 004103B1
                          • Part of subcall function 004102F0: ImageList_ReplaceIcon.COMCTL32(00CBEE00,000000FF,00000000,?,?,?,?,?,?), ref: 004103C1
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                        • String ID: #$0$PGH
                        • API String ID: 423443420-3673556320
                        • Opcode ID: 1033d1e55498f891403c4089579710d7d6683e73571bc8446147a2c837657170
                        • Instruction ID: 6be78a7d21e01e6533eb66d2751721d4fd39e3055bf34e10baa21603515e7cea
                        • Opcode Fuzzy Hash: 1033d1e55498f891403c4089579710d7d6683e73571bc8446147a2c837657170
                        • Instruction Fuzzy Hash: 60216DB5A18300AFD310CF59EC84A4A7FE4FB99710F00497FF648972A0D7B599408B99

                        Control-flow Graph

                        APIs
                        • _fseek.LIBCMT ref: 004525DA
                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004523ED
                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 00452432
                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045244F
                          • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 0045247D
                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045248E
                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004524AB
                          • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 004524D9
                        • __fread_nolock.LIBCMT ref: 00452618
                        • __fread_nolock.LIBCMT ref: 00452629
                        • __fread_nolock.LIBCMT ref: 00452644
                        • __fread_nolock.LIBCMT ref: 00452661
                        • _fseek.LIBCMT ref: 0045267D
                        • _malloc.LIBCMT ref: 00452689
                        • _malloc.LIBCMT ref: 00452696
                        • __fread_nolock.LIBCMT ref: 004526A7
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __fread_nolock$_fseek_malloc_wcscpy
                        • String ID:
                        • API String ID: 1911931848-0
                        • Opcode ID: 07c7d1d11592908342a612a25e8a5e33943486726a22accfdf27b608027379a0
                        • Instruction ID: daf5751c9f96f1f9c2235ce4d63c31b1673d17b5fb5ed0b9a51dc370059b243a
                        • Opcode Fuzzy Hash: 07c7d1d11592908342a612a25e8a5e33943486726a22accfdf27b608027379a0
                        • Instruction Fuzzy Hash: 47514CB1A08340AFD310DF5AD881A9BF7E9FFC8704F40492EF68887241D77AE5448B5A

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1294 40f450-40f45c call 425210 1297 40f460-40f478 1294->1297 1297->1297 1298 40f47a-40f4a8 call 413990 call 410f70 1297->1298 1303 40f4b0-40f4d1 call 4151b0 1298->1303 1306 40f531 1303->1306 1307 40f4d3-40f4da 1303->1307 1308 40f536-40f540 1306->1308 1309 40f4dc-40f4de 1307->1309 1310 40f4fd-40f517 call 41557c 1307->1310 1311 40f4e0-40f4e2 1309->1311 1314 40f51c-40f51f 1310->1314 1313 40f4e6-40f4ed 1311->1313 1315 40f521-40f52c 1313->1315 1316 40f4ef-40f4f2 1313->1316 1314->1303 1319 40f543-40f54e 1315->1319 1320 40f52e-40f52f 1315->1320 1317 42937a-4293a0 call 41557c call 4151b0 1316->1317 1318 40f4f8-40f4fb 1316->1318 1330 4293a5-4293c3 call 4151d0 1317->1330 1318->1310 1318->1311 1321 40f550-40f553 1319->1321 1322 40f555-40f560 1319->1322 1320->1316 1321->1316 1324 429372 1322->1324 1325 40f566-40f571 1322->1325 1324->1317 1327 429361-429367 1325->1327 1328 40f577-40f57a 1325->1328 1327->1313 1331 42936d 1327->1331 1328->1316 1330->1308 1331->1324
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __fread_nolock_fseek_strcat
                        • String ID: AU3!$EA06
                        • API String ID: 3818483258-2658333250
                        • Opcode ID: 61a815b4762265f9d00ad5303640aa958846bc8ab5516fbcebd88596bc1aced3
                        • Instruction ID: a326fe91d6bb541f17a8cee8b09d92be642ba4032c5aa5fe266a96c6f27d1a6c
                        • Opcode Fuzzy Hash: 61a815b4762265f9d00ad5303640aa958846bc8ab5516fbcebd88596bc1aced3
                        • Instruction Fuzzy Hash: 2B416C7160C340ABC331DA24C841AEB77A59B95308F68087EF5C597683E578E44A876B

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1334 410130-410142 SHGetMalloc 1335 410148-410158 SHGetDesktopFolder 1334->1335 1336 42944f-429459 call 411691 1334->1336 1337 4101d1-4101e0 1335->1337 1338 41015a-410188 call 411691 1335->1338 1337->1336 1344 4101e6-4101ee 1337->1344 1346 4101c5-4101ce 1338->1346 1347 41018a-4101a1 SHGetPathFromIDListW 1338->1347 1346->1337 1348 4101a3-4101b1 call 411691 1347->1348 1349 4101b4-4101c0 1347->1349 1348->1349 1349->1346
                        APIs
                        Strings
                        • C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, xrefs: 0041015E, 004101AB, 0042944F, 00429450
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _wcscpy$DesktopFolderFromListMallocPath
                        • String ID: C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe
                        • API String ID: 192938534-2641814343
                        • Opcode ID: 41672701d810a85b6866b378b1839c38d53fca73f5daf9d2a63f2dfb0070f590
                        • Instruction ID: 2fe23ff91bf644c1e681f842d3c1e96d6f0f177144f23c1ad52f1bdc7517ad48
                        • Opcode Fuzzy Hash: 41672701d810a85b6866b378b1839c38d53fca73f5daf9d2a63f2dfb0070f590
                        • Instruction Fuzzy Hash: 822179B5604211AFC210EB64DC84DABB3ECEFC8704F14891DF94987210E739ED46CBA6

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1352 401230-40123b 1353 401241-401272 call 4131f0 call 401be0 1352->1353 1354 4012c5-4012cd 1352->1354 1359 401274-401292 1353->1359 1360 4012ae-4012bf KillTimer SetTimer 1353->1360 1361 42aa61-42aa67 1359->1361 1362 401298-40129c 1359->1362 1360->1354 1365 42aa8b-42aaa7 Shell_NotifyIconW 1361->1365 1366 42aa69-42aa86 Shell_NotifyIconW 1361->1366 1363 4012a2-4012a8 1362->1363 1364 42aaac-42aab3 1362->1364 1363->1360 1367 42aaf8-42ab15 Shell_NotifyIconW 1363->1367 1368 42aad7-42aaf3 Shell_NotifyIconW 1364->1368 1369 42aab5-42aad2 Shell_NotifyIconW 1364->1369 1365->1360 1366->1360 1367->1360 1368->1360 1369->1360
                        APIs
                        • _memset.LIBCMT ref: 00401257
                          • Part of subcall function 00401BE0: _memset.LIBCMT ref: 00401C62
                          • Part of subcall function 00401BE0: _wcsncpy.LIBCMT ref: 00401CA1
                          • Part of subcall function 00401BE0: _wcscpy.LIBCMT ref: 00401CBD
                          • Part of subcall function 00401BE0: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401CCF
                        • KillTimer.USER32(?,?), ref: 004012B0
                        • SetTimer.USER32(?,?,000002EE,00000000), ref: 004012BF
                        • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AA80
                        • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AACC
                        • Shell_NotifyIconW.SHELL32(?,?), ref: 0042AB0F
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: IconNotifyShell_$Timer_memset$Kill_wcscpy_wcsncpy
                        • String ID:
                        • API String ID: 1792922140-0
                        • Opcode ID: a7115ab057bf29602ed6c82bb799c717f5f73d3545905a596edaeb05fb95c8cc
                        • Instruction ID: 78dbdb20408675f5dda5a176dd8a03fc230073daf987e80dd157250a536ae6f7
                        • Opcode Fuzzy Hash: a7115ab057bf29602ed6c82bb799c717f5f73d3545905a596edaeb05fb95c8cc
                        • Instruction Fuzzy Hash: 56319670609642BFD319CB24D544B9BFBE8BF85304F04856EF488A3251C7789A19D7AB

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1370 3f135f8-3f136a6 call 3f11008 1373 3f136ad-3f136d3 call 3f14508 CreateFileW 1370->1373 1376 3f136d5 1373->1376 1377 3f136da-3f136ea 1373->1377 1378 3f13825-3f13829 1376->1378 1384 3f136f1-3f1370b VirtualAlloc 1377->1384 1385 3f136ec 1377->1385 1380 3f1386b-3f1386e 1378->1380 1381 3f1382b-3f1382f 1378->1381 1386 3f13871-3f13878 1380->1386 1382 3f13831-3f13834 1381->1382 1383 3f1383b-3f1383f 1381->1383 1382->1383 1387 3f13841-3f1384b 1383->1387 1388 3f1384f-3f13853 1383->1388 1389 3f13712-3f13729 ReadFile 1384->1389 1390 3f1370d 1384->1390 1385->1378 1391 3f1387a-3f13885 1386->1391 1392 3f138cd-3f138e2 1386->1392 1387->1388 1395 3f13863 1388->1395 1396 3f13855-3f1385f 1388->1396 1397 3f13730-3f13770 VirtualAlloc 1389->1397 1398 3f1372b 1389->1398 1390->1378 1399 3f13887 1391->1399 1400 3f13889-3f13895 1391->1400 1393 3f138f2-3f138fa 1392->1393 1394 3f138e4-3f138ef VirtualFree 1392->1394 1394->1393 1395->1380 1396->1395 1401 3f13772 1397->1401 1402 3f13777-3f13792 call 3f14758 1397->1402 1398->1378 1399->1392 1403 3f13897-3f138a7 1400->1403 1404 3f138a9-3f138b5 1400->1404 1401->1378 1410 3f1379d-3f137a7 1402->1410 1405 3f138cb 1403->1405 1406 3f138c2-3f138c8 1404->1406 1407 3f138b7-3f138c0 1404->1407 1405->1386 1406->1405 1407->1405 1411 3f137a9-3f137d8 call 3f14758 1410->1411 1412 3f137da-3f137ee call 3f14568 1410->1412 1411->1410 1418 3f137f0 1412->1418 1419 3f137f2-3f137f6 1412->1419 1418->1378 1420 3f13802-3f13806 1419->1420 1421 3f137f8-3f137fc CloseHandle 1419->1421 1422 3f13816-3f1381f 1420->1422 1423 3f13808-3f13813 VirtualFree 1420->1423 1421->1420 1422->1373 1422->1378 1423->1422
                        APIs
                        • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 03F136C9
                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 03F138EF
                        Memory Dump Source
                        • Source File: 00000000.00000002.2264943382.0000000003F11000.00000040.00000020.00020000.00000000.sdmp, Offset: 03F11000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_3f11000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CreateFileFreeVirtual
                        • String ID:
                        • API String ID: 204039940-0
                        • Opcode ID: d349c2c11462b54f33c86561be68849ac3e84e681e3d8bb3fdc8e10bc75df865
                        • Instruction ID: 81554b3cfd7bf7ecbae65ca7c6d60762f53bd4bb6ff45f211fc0e90875365356
                        • Opcode Fuzzy Hash: d349c2c11462b54f33c86561be68849ac3e84e681e3d8bb3fdc8e10bc75df865
                        • Instruction Fuzzy Hash: 46A13979E00209EBDB14CFA4D998BEEB7B5FF48314F24819AE511BB280D7B59A50CF50

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1424 414f10-414f2c 1425 414f4f 1424->1425 1426 414f2e-414f31 1424->1426 1427 414f51-414f55 1425->1427 1426->1425 1428 414f33-414f35 1426->1428 1429 414f37-414f46 call 417f23 1428->1429 1430 414f56-414f5b 1428->1430 1442 414f47-414f4c call 417ebb 1429->1442 1431 414f6a-414f6d 1430->1431 1432 414f5d-414f68 1430->1432 1435 414f7a-414f7c 1431->1435 1436 414f6f-414f77 call 4131f0 1431->1436 1432->1431 1434 414f8b-414f9e 1432->1434 1440 414fa0-414fa6 1434->1440 1441 414fa8 1434->1441 1435->1429 1439 414f7e-414f89 1435->1439 1436->1435 1439->1429 1439->1434 1444 414faf-414fb1 1440->1444 1441->1444 1442->1425 1447 4150a1-4150a4 1444->1447 1448 414fb7-414fbe 1444->1448 1447->1427 1449 414fc0-414fc5 1448->1449 1450 415004-415007 1448->1450 1449->1450 1451 414fc7 1449->1451 1452 415071-415072 call 41e6b1 1450->1452 1453 415009-41500d 1450->1453 1454 415102 1451->1454 1455 414fcd-414fd1 1451->1455 1461 415077-41507b 1452->1461 1457 41500f-415018 1453->1457 1458 41502e-415035 1453->1458 1464 415106-41510f 1454->1464 1459 414fd3 1455->1459 1460 414fd5-414fd8 1455->1460 1462 415023-415028 1457->1462 1463 41501a-415021 1457->1463 1465 415037 1458->1465 1466 415039-41503c 1458->1466 1459->1460 1469 4150a9-4150af 1460->1469 1470 414fde-414fff call 41ee9b 1460->1470 1461->1464 1471 415081-415085 1461->1471 1472 41502a-41502c 1462->1472 1463->1472 1464->1427 1465->1466 1467 415042-41504e call 41453a call 41ed9e 1466->1467 1468 4150d5-4150d9 1466->1468 1492 415053-415058 1467->1492 1477 4150eb-4150fd call 417f23 1468->1477 1478 4150db-4150e8 call 4131f0 1468->1478 1473 4150b1-4150bd call 4131f0 1469->1473 1474 4150c0-4150d0 call 417f23 1469->1474 1486 415099-41509b 1470->1486 1471->1468 1479 415087-415096 1471->1479 1472->1466 1473->1474 1474->1442 1477->1442 1478->1477 1479->1486 1486->1447 1486->1448 1493 415114-415118 1492->1493 1494 41505e-415061 1492->1494 1493->1464 1494->1454 1495 415067-41506f 1494->1495 1495->1486
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                        • String ID:
                        • API String ID: 3886058894-0
                        • Opcode ID: b117a392f3759847975495debe7ea87102f8b7de0bc78f8cbc322732e1c6b221
                        • Instruction ID: 085ef53bf2cba992f8731f00f2d52beda6aca72a1b803249d76dffc069a60243
                        • Opcode Fuzzy Hash: b117a392f3759847975495debe7ea87102f8b7de0bc78f8cbc322732e1c6b221
                        • Instruction Fuzzy Hash: CA510830900604EFCB208FA9C8445DFBBB5EFC5324F24825BF82596290D7799ED2CB99

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1496 4103e0-410461 CreateWindowExW * 2 ShowWindow * 2
                        APIs
                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 00410415
                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 0041043E
                        • ShowWindow.USER32(?,00000000), ref: 00410454
                        • ShowWindow.USER32(?,00000000), ref: 0041045E
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$CreateShow
                        • String ID: AutoIt v3$edit
                        • API String ID: 1584632944-3779509399
                        • Opcode ID: 2f6e2284bb2ae2ba7cf4e865adc3bced08dc322388bda6343c860b78a8eff359
                        • Instruction ID: daa3d4afae2654ee996124117597f48fa5c574a0ac4b96d00400a8ba476d7f73
                        • Opcode Fuzzy Hash: 2f6e2284bb2ae2ba7cf4e865adc3bced08dc322388bda6343c860b78a8eff359
                        • Instruction Fuzzy Hash: F3F0A975BE4310BAF6609754AC43F592B59A765F00F3445ABB700BF1D0D6E478408B9C

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1497 3f133b8-3f134ef call 3f11008 call 3f132a8 CreateFileW 1504 3f134f1 1497->1504 1505 3f134f6-3f13506 1497->1505 1506 3f135a6-3f135ab 1504->1506 1508 3f13508 1505->1508 1509 3f1350d-3f13527 VirtualAlloc 1505->1509 1508->1506 1510 3f13529 1509->1510 1511 3f1352b-3f13542 ReadFile 1509->1511 1510->1506 1512 3f13544 1511->1512 1513 3f13546-3f13580 call 3f132e8 call 3f122a8 1511->1513 1512->1506 1518 3f13582-3f13597 call 3f13338 1513->1518 1519 3f1359c-3f135a4 ExitProcess 1513->1519 1518->1519 1519->1506
                        APIs
                          • Part of subcall function 03F132A8: Sleep.KERNELBASE(000001F4), ref: 03F132B9
                        • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 03F134E5
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2264943382.0000000003F11000.00000040.00000020.00020000.00000000.sdmp, Offset: 03F11000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_3f11000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CreateFileSleep
                        • String ID: PLQF602NDZGOQVIPLDB
                        • API String ID: 2694422964-1604424423
                        • Opcode ID: 4db918f19eb66edbe06d6a948e0569b5b59ef897d3ccaa59e84a0a92d9ec2b76
                        • Instruction ID: 23af1ecd4d7266745cfa7dffb02164dd46363bbd417e8d9e3e56e894497e479d
                        • Opcode Fuzzy Hash: 4db918f19eb66edbe06d6a948e0569b5b59ef897d3ccaa59e84a0a92d9ec2b76
                        • Instruction Fuzzy Hash: DD51B275D04289EBEF11DBE4D814BEEBBB8AF54700F004199E608BB2C0D7BA0B44CB65

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1521 413a88-413a99 call 41718c 1524 413b10-413b15 call 4171d1 1521->1524 1525 413a9b-413aa2 1521->1525 1526 413aa4-413abc call 418407 call 419f6d 1525->1526 1527 413ae7 1525->1527 1539 413ac7-413ad7 call 413ade 1526->1539 1540 413abe-413ac6 call 419f9d 1526->1540 1531 413ae8-413af8 RtlFreeHeap 1527->1531 1531->1524 1533 413afa-413b0f call 417f23 GetLastError call 417ee1 1531->1533 1533->1524 1539->1524 1546 413ad9-413adc 1539->1546 1540->1539 1546->1531
                        APIs
                        • __lock.LIBCMT ref: 00413AA6
                          • Part of subcall function 00418407: __mtinitlocknum.LIBCMT ref: 0041841D
                          • Part of subcall function 00418407: __amsg_exit.LIBCMT ref: 00418429
                          • Part of subcall function 00418407: EnterCriticalSection.KERNEL32(?,?,?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001), ref: 00418431
                        • ___sbh_find_block.LIBCMT ref: 00413AB1
                        • ___sbh_free_block.LIBCMT ref: 00413AC0
                        • RtlFreeHeap.NTDLL(00000000,00411739,0048C758,0000000C,004183E8,00000000,0048CA38,0000000C,00418422,00411739,?,?,004224D3,00000004,0048CCA0,0000000C), ref: 00413AF0
                        • GetLastError.KERNEL32(?,004224D3,00000004,0048CCA0,0000000C,00417011,00411739,?,00000000,00000000,00000000,?,00416C24,00000001,00000214), ref: 00413B01
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                        • String ID:
                        • API String ID: 2714421763-0
                        • Opcode ID: 1be655156b84d1756d47887b3dc267bc1ef03bd4322eaa0c22e254cdcea9361a
                        • Instruction ID: 54fb22c17cbd059cfb8714ef359fce415cc636064f476ff80f42ef981757bf49
                        • Opcode Fuzzy Hash: 1be655156b84d1756d47887b3dc267bc1ef03bd4322eaa0c22e254cdcea9361a
                        • Instruction Fuzzy Hash: 7401A731A08301BADF206F71AC09BDF3B64AF00759F10052FF544A6182DB7D9AC19B9C

                        Control-flow Graph

                        • Executed
                        • Not Executed
                        control_flow_graph 1547 40f5e0-40f62f call 40f580 call 413990 call 4112ef call 40f6a0 call 40f6d0 1558 40f631-40f653 1547->1558 1558->1558 1559 40f655-40f66d call 414e06 1558->1559 1562 40f673-40f67b call 40f450 1559->1562 1563 42b2ee 1559->1563 1566 42b2f8-42b322 call 4151b0 call 44afdc 1562->1566 1567 40f681-40f695 call 414e94 1562->1567 1563->1566 1574 42b324-42b330 1566->1574 1574->1574 1575 42b332-42b338 call 415484 1574->1575 1577 42b33d-42b343 1575->1577
                        APIs
                          • Part of subcall function 0040F580: _wcslen.LIBCMT ref: 0040F58A
                          • Part of subcall function 0040F580: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?), ref: 0040F5A3
                          • Part of subcall function 0040F580: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,-00000010,00000001,?,?,?,?), ref: 0040F5CC
                        • _strcat.LIBCMT ref: 0040F603
                          • Part of subcall function 0040F6A0: _memset.LIBCMT ref: 0040F6A8
                          • Part of subcall function 0040F6D0: _strlen.LIBCMT ref: 0040F6D8
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ByteCharMultiWide$_memset_strcat_strlen_wcslen
                        • String ID: HH
                        • API String ID: 1194219731-2761332787
                        • Opcode ID: 6830d432ce0edc537904fcc81a92ccb4243d6e1eaca554fb6fd30da9042373f9
                        • Instruction ID: 1fd31f67f6889806bd2ce24d6488871f5ee50ddf162d20410a363c4a19aba518
                        • Opcode Fuzzy Hash: 6830d432ce0edc537904fcc81a92ccb4243d6e1eaca554fb6fd30da9042373f9
                        • Instruction Fuzzy Hash: 022158B260825067C724EF7A9C8266EF7D8AF85308F148C3FF554D2282F638D555879A
                        APIs
                        • CreateProcessW.KERNELBASE(?,00000000), ref: 03F12AD5
                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 03F12AF9
                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 03F12B1B
                        Memory Dump Source
                        • Source File: 00000000.00000002.2264943382.0000000003F11000.00000040.00000020.00020000.00000000.sdmp, Offset: 03F11000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_3f11000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                        • String ID:
                        • API String ID: 2438371351-0
                        • Opcode ID: ec40cea32e34b77dc66852b254e16eb814eeb5cb53dbe13a3b9b961a1e41453f
                        • Instruction ID: d194326a50da4fdc90e9c1c75361fb444287ef515558295a1a069494b95c044a
                        • Opcode Fuzzy Hash: ec40cea32e34b77dc66852b254e16eb814eeb5cb53dbe13a3b9b961a1e41453f
                        • Instruction Fuzzy Hash: 3F620834A142589BEB24CFA4DC40BDEB376EF58300F1095A9D10DEB390E77A9E91CB59
                        APIs
                        • _malloc.LIBCMT ref: 00411734
                          • Part of subcall function 004138BA: __FF_MSGBANNER.LIBCMT ref: 004138DD
                          • Part of subcall function 004138BA: __NMSG_WRITE.LIBCMT ref: 004138E4
                          • Part of subcall function 004138BA: RtlAllocateHeap.NTDLL(00000000,0041172A,?,?,?,?,00411739,?,00401C0B), ref: 00413931
                        • std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                          • Part of subcall function 004116B0: std::exception::exception.LIBCMT ref: 004116BC
                        • std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                        • __CxxThrowException@8.LIBCMT ref: 00411779
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                        • String ID:
                        • API String ID: 1411284514-0
                        • Opcode ID: ca7221cdd9cc9326792a0c346bb7c35cd30f9974032eaa45b6addcc39664c516
                        • Instruction ID: c554e94cc15d94fff19a40754e7570613bf3612ee9c26c673f8185df9075a277
                        • Opcode Fuzzy Hash: ca7221cdd9cc9326792a0c346bb7c35cd30f9974032eaa45b6addcc39664c516
                        • Instruction Fuzzy Hash: 6FF0E23550060A66CF08B723EC06ADE3B649F11798B10403BFA20552F2DF6DADC9865C
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c2b84d901eedfcb5732c73c427cf3e6a40f349a1394e6728fcd5bdf3f2a5d4d9
                        • Instruction ID: a1f682be926937ece900e9fcc50ccc13891f43ead78ba7c6857800eee9f0599c
                        • Opcode Fuzzy Hash: c2b84d901eedfcb5732c73c427cf3e6a40f349a1394e6728fcd5bdf3f2a5d4d9
                        • Instruction Fuzzy Hash: EC81D2756043009FC310EF65C985B6AB7E4EF84315F008D2EF988AB392D779E909CB96
                        APIs
                        • RegOpenKeyExW.KERNELBASE(80000001,0040F0EE,00000000,00000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F132
                        • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F14F
                        • RegCloseKey.KERNELBASE(00000000,?,?,00000000,00000000,80000001,80000001,?,0040F0EE,80000001,Control Panel\Mouse,SwapMouseButtons,00000004,?,?,0044BA28), ref: 0040F159
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CloseOpenQueryValue
                        • String ID:
                        • API String ID: 3677997916-0
                        • Opcode ID: 2fc94d7b08a1a7677ebb25c0c676948635cded20fa34e442ec21f1e1bf5971ab
                        • Instruction ID: 6acd5c45b0bc896a902747136fbadff1bb775023c46fd22fba7b324c5144c726
                        • Opcode Fuzzy Hash: 2fc94d7b08a1a7677ebb25c0c676948635cded20fa34e442ec21f1e1bf5971ab
                        • Instruction Fuzzy Hash: 60F0BDB0204202ABD614DF54DD88E6BB7F9EF88704F10492DB585D7250D7B4A804CB26
                        APIs
                        • _malloc.LIBCMT ref: 00435278
                          • Part of subcall function 004138BA: __FF_MSGBANNER.LIBCMT ref: 004138DD
                          • Part of subcall function 004138BA: __NMSG_WRITE.LIBCMT ref: 004138E4
                          • Part of subcall function 004138BA: RtlAllocateHeap.NTDLL(00000000,0041172A,?,?,?,?,00411739,?,00401C0B), ref: 00413931
                        • _malloc.LIBCMT ref: 00435288
                        • _malloc.LIBCMT ref: 00435298
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _malloc$AllocateHeap
                        • String ID:
                        • API String ID: 680241177-0
                        • Opcode ID: d11b1792ef3d24f06ef5636d78d46cf58a843b0d423fa777cd48d8e801ebef30
                        • Instruction ID: 30b75876ff52ae1c35022de4a6700901ba1db26c97f4d16f7fcf584af9a5a73f
                        • Opcode Fuzzy Hash: d11b1792ef3d24f06ef5636d78d46cf58a843b0d423fa777cd48d8e801ebef30
                        • Instruction Fuzzy Hash: E5F0A0B1500F0046E660AB3198457C7A2E09B14307F00186FB6855618ADA7C69C4CEAC
                        APIs
                        • _wcslen.LIBCMT ref: 00401B71
                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                          • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                          • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                          • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Exception@8Throw_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                        • String ID: @EXITCODE
                        • API String ID: 580348202-3436989551
                        • Opcode ID: 48d001a4b96ee351bc7679959485890c1c6d832d60c6cde5ea273d4c8ab31dfe
                        • Instruction ID: 288ad252d7dad0c090ff8240dee62855692e698d70424b42c0a66861a7771545
                        • Opcode Fuzzy Hash: 48d001a4b96ee351bc7679959485890c1c6d832d60c6cde5ea273d4c8ab31dfe
                        • Instruction Fuzzy Hash: 73F06DF2A002025BD7649B35DC0276776E4AB44704F18C83EE14AC7791F6BDE8829B15
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ClearVariant
                        • String ID:
                        • API String ID: 1473721057-0
                        • Opcode ID: e8abe42c1057cb3860218bb04af0a307767d699fcca626a70098e271a71bf477
                        • Instruction ID: 1f11e118333250ff1b1cce483c812f274274124743f71e781b8a547d9d3e43da
                        • Opcode Fuzzy Hash: e8abe42c1057cb3860218bb04af0a307767d699fcca626a70098e271a71bf477
                        • Instruction Fuzzy Hash: 35917E706042009FC714DF55D890A6AB7E5EF89318F14896FF849AB392D738EE41CB9E
                        APIs
                        • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,?,0040DFD2,?,00000001,00403843,?), ref: 0040F00A
                        • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000004,00000080,00000000,?,0040DFD2,?,00000001,00403843,?), ref: 004299D9
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CreateFile
                        • String ID:
                        • API String ID: 823142352-0
                        • Opcode ID: 7605a8ea73ac57d11bec7dd1d6207c313580f8ed20fa142c5c15d61e0266fbc2
                        • Instruction ID: 855a981e3d87b0586b227f36a287a9e63fe5cd358b5bfab8de368ff291d46a89
                        • Opcode Fuzzy Hash: 7605a8ea73ac57d11bec7dd1d6207c313580f8ed20fa142c5c15d61e0266fbc2
                        • Instruction Fuzzy Hash: 67011D703803107AF2311F28AD5BF5632546B44B24F244B39FBD5BE2E2D2F86885970C
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __lock_file_memset
                        • String ID:
                        • API String ID: 26237723-0
                        • Opcode ID: c74911371e76cb9dc4786cfdbe28690debad29cef5acae8c4501fea9e7903076
                        • Instruction ID: c8a12bf2a45d0ac11074f8cac28b928f9e20b60047ac9024d749846706a082ab
                        • Opcode Fuzzy Hash: c74911371e76cb9dc4786cfdbe28690debad29cef5acae8c4501fea9e7903076
                        • Instruction Fuzzy Hash: 32012971C00609FBCF22AF65DC029DF3B31AF44714F04815BF82416261D7798AA2DF99
                        APIs
                          • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                          • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                        • __lock_file.LIBCMT ref: 00414EE4
                          • Part of subcall function 00415965: __lock.LIBCMT ref: 0041598A
                        • __fclose_nolock.LIBCMT ref: 00414EEE
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __decode_pointer__fclose_nolock__getptd_noexit__lock__lock_file
                        • String ID:
                        • API String ID: 717694121-0
                        • Opcode ID: 6051778e024176e7de16a1974b8d1b3b80c3b8a23747dfcb666cdf4e7799d8f6
                        • Instruction ID: 225a509e04b880138f2478077c57af59103cae2c072c29012e7845c0956b1514
                        • Opcode Fuzzy Hash: 6051778e024176e7de16a1974b8d1b3b80c3b8a23747dfcb666cdf4e7799d8f6
                        • Instruction Fuzzy Hash: DEF06270D0470499C721BB6A9802ADE7AB0AFC1338F21864FE479A72D1C77C46C29F5D
                        APIs
                        • TranslateMessage.USER32(?), ref: 004098F6
                        • DispatchMessageW.USER32(?), ref: 00409901
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Message$DispatchTranslate
                        • String ID:
                        • API String ID: 1706434739-0
                        • Opcode ID: 743ba5b075e4e96b6aa8f27e888cbbcb244a1ef3297f43ff84cf2107d4412f6a
                        • Instruction ID: 6b3a2aeb923af73eb4cdb1bab797699f2cf27729a5018e8568c19fb4e3feaf67
                        • Opcode Fuzzy Hash: 743ba5b075e4e96b6aa8f27e888cbbcb244a1ef3297f43ff84cf2107d4412f6a
                        • Instruction Fuzzy Hash: D4F05471114301AEDA24DBE58D41B5BB3A8AFD8700F408C2EBA51E61C1FBF8E404C76A
                        APIs
                        • TranslateMessage.USER32(?), ref: 004098F6
                        • DispatchMessageW.USER32(?), ref: 00409901
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Message$DispatchTranslate
                        • String ID:
                        • API String ID: 1706434739-0
                        • Opcode ID: fb629fc6ca96518639a0c0a81923e3da878f7f29ff55e6bd70df59113b88f2fd
                        • Instruction ID: cc4909b6a78c34842ee59a7900970f574117f06624f4f9c7373c79b1fb9dfc76
                        • Opcode Fuzzy Hash: fb629fc6ca96518639a0c0a81923e3da878f7f29ff55e6bd70df59113b88f2fd
                        • Instruction Fuzzy Hash: DDF054B1114301AADA14DBE58D41B5BB3A4AF94740F408C2EBA11E52C1EBFCD504C71A
                        APIs
                        • CreateProcessW.KERNELBASE(?,00000000), ref: 03F12AD5
                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 03F12AF9
                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 03F12B1B
                        Memory Dump Source
                        • Source File: 00000000.00000002.2264943382.0000000003F11000.00000040.00000020.00020000.00000000.sdmp, Offset: 03F11000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_3f11000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                        • String ID:
                        • API String ID: 2438371351-0
                        • Opcode ID: 1e5ff81ed8f871418fabb2f1fb9f15c50bab29dc79b391b745a61db8bf218849
                        • Instruction ID: 2376d8b63657db98b2af68c063ee25f6b343f725165a2fb4902fe87be2392fb2
                        • Opcode Fuzzy Hash: 1e5ff81ed8f871418fabb2f1fb9f15c50bab29dc79b391b745a61db8bf218849
                        • Instruction Fuzzy Hash: 6012DC24E24658C6EB24DF64D8507DEB232FF68300F1094E9910DEB7A4E77A4E91CF5A
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ProtectVirtual
                        • String ID:
                        • API String ID: 544645111-0
                        • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                        • Instruction ID: fb1d736feddc8336b94c661b4f3a99b04f66f7614ca83ae43ac4a02a862e88ab
                        • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                        • Instruction Fuzzy Hash: 1331D574A00105DFC718DF99E490AAAFBA6FB49304B2486A6E409CB751D774EDC1CBC5
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a12857963b59ba27d86be744ec8e6ce9272b51880a9e98fb69d1fc4369ccfb77
                        • Instruction ID: 573dba848690e0cdfd4c9be45b5663ff9194aa529e9341154cf92adfcd841cf8
                        • Opcode Fuzzy Hash: a12857963b59ba27d86be744ec8e6ce9272b51880a9e98fb69d1fc4369ccfb77
                        • Instruction Fuzzy Hash: 5E11C374200200ABC7249FAAD8D5F2A73A5AF45304B244C6FE845E7392D73CEC81EB5E
                        APIs
                        • DefWindowProcW.USER32(?,?,?,?), ref: 00401123
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ProcWindow
                        • String ID:
                        • API String ID: 181713994-0
                        • Opcode ID: 2bcff8431ba1ff294e2b1c33dceaa93ee25f984dfbecb3b506615433fd530346
                        • Instruction ID: 72bdf1ad184d721e15e17473fba0dc1faec6c1a9a9d1f3fcb71c15abd8c9f185
                        • Opcode Fuzzy Hash: 2bcff8431ba1ff294e2b1c33dceaa93ee25f984dfbecb3b506615433fd530346
                        • Instruction Fuzzy Hash: FDF05436700118A7DF38995CE89ACFF632AD7ED350F418227FD152B3A6813C5C41966E
                        APIs
                        • HeapCreate.KERNELBASE(00000000,00001000,00000000), ref: 0041AA46
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CreateHeap
                        • String ID:
                        • API String ID: 10892065-0
                        • Opcode ID: 715419928b85d2867e9ba06f33a68846dd0d9c70f7b25bc38942ce62b1fa172d
                        • Instruction ID: 99ddfbee892492b32903703907324a593b21f4d4a70cf9c354be63060b8faba1
                        • Opcode Fuzzy Hash: 715419928b85d2867e9ba06f33a68846dd0d9c70f7b25bc38942ce62b1fa172d
                        • Instruction Fuzzy Hash: 56D05E325543449EDF009F71AC087663FDCE788395F008836BC1CC6150E778C950CA08
                        APIs
                          • Part of subcall function 00444326: SetFilePointerEx.KERNEL32(00000000,00000001,00000000,00000000,00000001,?,?,0044434E,?,?,00429A83,?,00487174,00000003,0040DFEE,?), ref: 004442F3
                        • WriteFile.KERNELBASE(?,?,00000001,?,00000000,?,?,00429A83,?,00487174,00000003,0040DFEE,?,?,00000001,00403843), ref: 00444362
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: File$PointerWrite
                        • String ID:
                        • API String ID: 539440098-0
                        • Opcode ID: 35769b91a3a7bdb08b20991cec1574ff36ffa6c1adc4d20a0c17b9033c9b0ad0
                        • Instruction ID: 4a339a6eb5dfef6003722c1615037f540bc53d76d7f4c43935d02bdd90bbdfc9
                        • Opcode Fuzzy Hash: 35769b91a3a7bdb08b20991cec1574ff36ffa6c1adc4d20a0c17b9033c9b0ad0
                        • Instruction Fuzzy Hash: 7CE09275104311AFD250DF54D944F9BB3F8AF88714F108D0EF59587241D7B4A9848BA6
                        APIs
                        • DefWindowProcW.USER32(?,?,?,?), ref: 00401123
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ProcWindow
                        • String ID:
                        • API String ID: 181713994-0
                        • Opcode ID: 837c1f5b160989e4bc04331483680d437582dbd9ffcfcea34caefcb6c1da81af
                        • Instruction ID: 4c36cba44089d0e03573cc5e8dee84df23505be31ebc2729507753268ee0d302
                        • Opcode Fuzzy Hash: 837c1f5b160989e4bc04331483680d437582dbd9ffcfcea34caefcb6c1da81af
                        • Instruction Fuzzy Hash: C3C08C72100008BB8700DE04EC44CFBB72CEBD8310700C20BBC0586201C230885097A1
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __wfsopen
                        • String ID:
                        • API String ID: 197181222-0
                        • Opcode ID: d1a4d26266dcb7911ef956bf4afcad96e19892d5a9e8770749e386b2bd63db79
                        • Instruction ID: 6225ca515e7db1e5d7746fb8cf1e0ad45b41b4d1817cc5a1d8a93eb941133566
                        • Opcode Fuzzy Hash: d1a4d26266dcb7911ef956bf4afcad96e19892d5a9e8770749e386b2bd63db79
                        • Instruction Fuzzy Hash: EDC09B7644010C77CF122943FC02E453F1997C0764F044011FB1C1D561D577D5619589
                        APIs
                        • CloseHandle.KERNELBASE(00000000,?,0040DF8E), ref: 0040D91D
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CloseHandle
                        • String ID:
                        • API String ID: 2962429428-0
                        • Opcode ID: b0db0cc9728059d6acb69f925b284233246e7185417bf28957a0aabd78f307cc
                        • Instruction ID: 397672216df932ca6c22f29d52987cd2165f63c791f69eb8015935d900cfb6d9
                        • Opcode Fuzzy Hash: b0db0cc9728059d6acb69f925b284233246e7185417bf28957a0aabd78f307cc
                        • Instruction Fuzzy Hash: 16E0DEB5900B019EC7318F6AE544416FBF8AEE46213248E2FD4E6D2A64D3B4A5898F54
                        APIs
                        • Sleep.KERNELBASE(000001F4), ref: 03F132B9
                        Memory Dump Source
                        • Source File: 00000000.00000002.2264943382.0000000003F11000.00000040.00000020.00020000.00000000.sdmp, Offset: 03F11000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_3f11000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Sleep
                        • String ID:
                        • API String ID: 3472027048-0
                        • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                        • Instruction ID: c1dc5b8bb83e8d89aaf4c251115e10a807d6d4ce9216b37b009e8ef46f8d4d7c
                        • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                        • Instruction Fuzzy Hash: 76E0E67494010DDFDB00EFB8D5496DDBBB4EF04301F1001A1FD01E2280DA309D608A72
                        APIs
                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C158
                        • DefDlgProcW.USER32(?,0000004E,?,?,004A83D8,?,004A83D8,?), ref: 0047C173
                        • GetKeyState.USER32(00000011), ref: 0047C1A4
                        • GetKeyState.USER32(00000009), ref: 0047C1AD
                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C1C0
                        • GetKeyState.USER32(00000010), ref: 0047C1CA
                        • GetWindowLongW.USER32(00000002,000000F0), ref: 0047C1DE
                        • SendMessageW.USER32(00000002,0000110A,00000009,00000000), ref: 0047C20A
                        • SendMessageW.USER32(00000002,0000113E,00000000,?), ref: 0047C22D
                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0047C2D6
                        • SendMessageW.USER32 ref: 0047C2FB
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$State$LongProcWindow
                        • String ID: @GUI_DRAGID$F
                        • API String ID: 1562745308-4164748364
                        • Opcode ID: dcc01cbd87ddd492c2c278cbacd50e58f25e8ccd866e9ebab9dee97b514268e5
                        • Instruction ID: f40edf6d5039c675f00343e7880f865f139be9e64e9b8d530a61de5f06f6045f
                        • Opcode Fuzzy Hash: dcc01cbd87ddd492c2c278cbacd50e58f25e8ccd866e9ebab9dee97b514268e5
                        • Instruction Fuzzy Hash: C6429F702042019FD714CF54C884FAB77A5EB89B04F548A6EFA48AB291DBB4EC45CB5A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID: PF$'|G$*"D$*vG$+%F$0wE$2G$5CG$7eF$<HF$<G$ApG$DvE$GSG$IqE$K@G$LbF$MdF$NgF$PIF$YtG$^[F$_?G$b"D$i}G$j)F$kQG$lE$rTG$vjE$}eE$*F$3G$_G$wG
                        • API String ID: 0-3772701627
                        • Opcode ID: bb854585b2a8d25cf70b859c951904b6599901827447d171664d6ae6ba41e592
                        • Instruction ID: b1e67458769bbea4a86cd8903524db5b6e79558e2e7ab8c51025fc7bd56032a7
                        • Opcode Fuzzy Hash: bb854585b2a8d25cf70b859c951904b6599901827447d171664d6ae6ba41e592
                        • Instruction Fuzzy Hash: 118366F1905B409FC351DFAAF984605BAE1F3AA3157A2857FC5088B731D7B8194A8F4C
                        APIs
                        • GetForegroundWindow.USER32(00000000,?,?,004448AF,?), ref: 004375B3
                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 004375D8
                        • IsIconic.USER32(?), ref: 004375E1
                        • ShowWindow.USER32(?,00000009,?,?,004448AF,?), ref: 004375EE
                        • SetForegroundWindow.USER32(?), ref: 004375FD
                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00437615
                        • GetCurrentThreadId.KERNEL32 ref: 00437619
                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 00437624
                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 00437632
                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 00437638
                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,004448AF,?), ref: 0043763E
                        • SetForegroundWindow.USER32(?), ref: 00437645
                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437654
                        • keybd_event.USER32(00000012,00000000), ref: 0043765D
                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043766B
                        • keybd_event.USER32(00000012,00000000), ref: 00437674
                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437682
                        • keybd_event.USER32(00000012,00000000), ref: 0043768B
                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00437699
                        • keybd_event.USER32(00000012,00000000), ref: 004376A2
                        • SetForegroundWindow.USER32(?), ref: 004376AD
                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376CD
                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376D3
                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,004448AF), ref: 004376D9
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Thread$Window$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                        • String ID: Shell_TrayWnd
                        • API String ID: 3778422247-2988720461
                        • Opcode ID: ec12ba9e870cc2e5dd85ad52799cb15a6745d125a488419c4f0ebb71fc1ee38e
                        • Instruction ID: 6108fbe056c1a000d5481f33e03d330ccc862392245923d3170deea12ea07584
                        • Opcode Fuzzy Hash: ec12ba9e870cc2e5dd85ad52799cb15a6745d125a488419c4f0ebb71fc1ee38e
                        • Instruction Fuzzy Hash: AC31A4712803157FE6245BA59D0EF7F3F9CEB48B51F10082EFA02EA1D1DAE458009B79
                        APIs
                        • _memset.LIBCMT ref: 0044621B
                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,?,?,?,?,?,?,?), ref: 00446277
                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0044628A
                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004462A4
                        • GetProcessWindowStation.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 004462BD
                        • SetProcessWindowStation.USER32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004462C8
                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004462E4
                        • _wcslen.LIBCMT ref: 0044639E
                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                        • _wcsncpy.LIBCMT ref: 004463C7
                        • LoadUserProfileW.USERENV(?,00000000,00000000,?,?,00000000,?,?,?,?), ref: 004463E7
                        • CreateEnvironmentBlock.USERENV(?,?,00000000,00000000,?,?,00000000,?,?,?,?), ref: 00446408
                        • CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000000,?,?,00000000,?), ref: 00446446
                        • UnloadUserProfile.USERENV(?,?,?,?,?,?,?), ref: 00446483
                        • CloseWindowStation.USER32(00000000,?,?,?,?), ref: 00446497
                        • CloseDesktop.USER32(00000000,?,?,?,?), ref: 0044649E
                        • SetProcessWindowStation.USER32(?,?,?,?,?), ref: 004464A9
                        • CloseHandle.KERNEL32(?,?,?,?,?), ref: 004464B4
                        • DestroyEnvironmentBlock.USERENV(?,?,?,?,?,?), ref: 004464C8
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_memset_wcslen_wcsncpy
                        • String ID: $default$winsta0
                        • API String ID: 2173856841-1027155976
                        • Opcode ID: 8783c105518f9fa52f5c80a6299cf7ec7b6e28c011eada52347f54b488ad9e21
                        • Instruction ID: eafd5d154f9bcf2590b8f8eb1e0f3d39b01f77f2fd200ee1cb9c7344d9c52646
                        • Opcode Fuzzy Hash: 8783c105518f9fa52f5c80a6299cf7ec7b6e28c011eada52347f54b488ad9e21
                        • Instruction Fuzzy Hash: DD819170208341AFE724DF65C848B6FBBE8AF89744F04491DF69097291DBB8D805CB6B
                        APIs
                          • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,?,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,004A8E80,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,0040F3D2), ref: 0040FFCA
                          • Part of subcall function 00436A1D: __wsplitpath.LIBCMT ref: 00436A45
                          • Part of subcall function 00436A1D: __wsplitpath.LIBCMT ref: 00436A6C
                          • Part of subcall function 00436A1D: __wcsicoll.LIBCMT ref: 00436A93
                          • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
                        • _wcscat.LIBCMT ref: 0044BD96
                        • _wcscat.LIBCMT ref: 0044BDBF
                        • __wsplitpath.LIBCMT ref: 0044BDEC
                        • FindFirstFileW.KERNEL32(?,?), ref: 0044BE04
                        • _wcscpy.LIBCMT ref: 0044BE73
                        • _wcscat.LIBCMT ref: 0044BE85
                        • _wcscat.LIBCMT ref: 0044BE97
                        • lstrcmpiW.KERNEL32(?,?), ref: 0044BEC3
                        • DeleteFileW.KERNEL32(?), ref: 0044BED5
                        • MoveFileW.KERNEL32(?,?), ref: 0044BEF5
                        • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF0C
                        • DeleteFileW.KERNEL32(?), ref: 0044BF17
                        • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF2E
                        • FindClose.KERNEL32(00000000), ref: 0044BF35
                        • MoveFileW.KERNEL32(?,?), ref: 0044BF51
                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 0044BF66
                        • FindClose.KERNEL32(00000000), ref: 0044BF7E
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: File$Find_wcscat$__wsplitpath$CloseCopyDeleteMove$AttributesFirstFullNameNextPath__wcsicoll_wcscpylstrcmpi
                        • String ID: \*.*
                        • API String ID: 2188072990-1173974218
                        • Opcode ID: 37b83e77465c63a9a0fc5a2f65b261a2e9867c78515d1bc57cb11e6e3b171851
                        • Instruction ID: 14f7055b3521afb04026f42b490306401b0ba37f80ed0ea0ca267746d8cc4687
                        • Opcode Fuzzy Hash: 37b83e77465c63a9a0fc5a2f65b261a2e9867c78515d1bc57cb11e6e3b171851
                        • Instruction Fuzzy Hash: CA5166B2008344AAD720DBA4DC44FDF73E8AB85314F448D1EF68982141EB79D64CCBAA
                        APIs
                        • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00434D75
                        • __swprintf.LIBCMT ref: 00434D91
                        • _wcslen.LIBCMT ref: 00434D9B
                        • _wcslen.LIBCMT ref: 00434DB0
                        • _wcslen.LIBCMT ref: 00434DC5
                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00434DD7
                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00434E0A
                        • _memset.LIBCMT ref: 00434E27
                        • _wcslen.LIBCMT ref: 00434E3C
                        • _wcsncpy.LIBCMT ref: 00434E6F
                        • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00434EA9
                        • CloseHandle.KERNEL32(00000000), ref: 00434EB4
                        • RemoveDirectoryW.KERNEL32(?), ref: 00434EBB
                        • CloseHandle.KERNEL32(00000000), ref: 00434ECE
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _wcslen$CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                        • String ID: :$\$\??\%s
                        • API String ID: 302090198-3457252023
                        • Opcode ID: 1623bec2b974bb3ee5261838648fb58b2a9d6db5aa255760d49714c370e47f4e
                        • Instruction ID: 730b2dca1b6b09bd6b76555d3316dee95f4818bcffb97f26f8f03165767cfd2f
                        • Opcode Fuzzy Hash: 1623bec2b974bb3ee5261838648fb58b2a9d6db5aa255760d49714c370e47f4e
                        • Instruction Fuzzy Hash: 30416676604340ABE330EB64DC49FEF73E8AFD8714F00891EF649921D1E7B4A645876A
                        APIs
                          • Part of subcall function 00444233: _wcslen.LIBCMT ref: 0044424E
                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0046449E
                        • GetLastError.KERNEL32 ref: 004644B4
                        • GetCurrentThread.KERNEL32 ref: 004644C8
                        • OpenThreadToken.ADVAPI32(00000000), ref: 004644CF
                        • GetCurrentProcess.KERNEL32(00000028,?), ref: 004644E0
                        • OpenProcessToken.ADVAPI32(00000000), ref: 004644E7
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: OpenProcess$CurrentThreadToken$ErrorLast_wcslen
                        • String ID: SeDebugPrivilege
                        • API String ID: 1312810259-2896544425
                        • Opcode ID: bb2abcbadcb50e0008f3b1fe3e217bfa736f6ade076d8095da49bf04f95d98f8
                        • Instruction ID: c3f5e6af55eb0da9fa74db60d4f5a84adac3a89a74612fbe59a223ef38337450
                        • Opcode Fuzzy Hash: bb2abcbadcb50e0008f3b1fe3e217bfa736f6ade076d8095da49bf04f95d98f8
                        • Instruction Fuzzy Hash: 0E51A171200201AFD710DF65DD85F5BB7A8AB84704F10892EFB44DB2C1D7B8E844CBAA
                        APIs
                        • GetCurrentDirectoryW.KERNEL32(00000104,?,00000001,?,00000000), ref: 0040D6E5
                          • Part of subcall function 00401F80: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,00000104,?,?,?,?,00000000), ref: 00401FAD
                          • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 00402078
                          • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 0040208E
                          • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 004020A4
                          • Part of subcall function 00401F80: __wcsicoll.LIBCMT ref: 004020BA
                          • Part of subcall function 00401F80: _wcscpy.LIBCMT ref: 004020EF
                        • IsDebuggerPresent.KERNEL32(?), ref: 0040D6F1
                        • GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,00000104,?,004A7CF8,004A7CFC), ref: 0040D763
                          • Part of subcall function 00401440: GetFullPathNameW.KERNEL32(?,00000104,?,00000000), ref: 00401483
                        • SetCurrentDirectoryW.KERNEL32(?,00000001,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,00000004), ref: 0040D7D6
                        • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,004846D6,00000010), ref: 00431AAB
                        • SetCurrentDirectoryW.KERNEL32(?,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,00000004), ref: 00431B0E
                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,00000004), ref: 00431B3F
                        • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 00431B8B
                        • ShellExecuteW.SHELL32(00000000), ref: 00431B92
                          • Part of subcall function 004101F0: GetSysColorBrush.USER32(0000000F), ref: 004101F9
                          • Part of subcall function 004101F0: LoadCursorW.USER32(00000000,00007F00), ref: 00410209
                          • Part of subcall function 004101F0: LoadIconW.USER32(?,00000063), ref: 0041021F
                          • Part of subcall function 004101F0: LoadIconW.USER32(?,000000A4), ref: 00410232
                          • Part of subcall function 004101F0: LoadIconW.USER32(?,000000A2), ref: 00410245
                          • Part of subcall function 004101F0: LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041026A
                          • Part of subcall function 004101F0: RegisterClassExW.USER32 ref: 004102C6
                          • Part of subcall function 004103E0: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 00410415
                          • Part of subcall function 004103E0: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 0041043E
                          • Part of subcall function 004103E0: ShowWindow.USER32(?,00000000), ref: 00410454
                          • Part of subcall function 004103E0: ShowWindow.USER32(?,00000000), ref: 0041045E
                          • Part of subcall function 0040E1E0: _memset.LIBCMT ref: 0040E202
                          • Part of subcall function 0040E1E0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E2C7
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: LoadWindow$IconName__wcsicoll$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memset_wcscpy
                        • String ID: @GH$@GH$C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                        • API String ID: 2493088469-2037364478
                        • Opcode ID: 69cfb0be49d24e5250ef6e64c59b5ea2b0a961f7c54b5140d3e7fdea8d41d4c7
                        • Instruction ID: f6e0ab4c143dd9a1f797559286fb6c41f0380d60009eb7dc722615656bf0e84e
                        • Opcode Fuzzy Hash: 69cfb0be49d24e5250ef6e64c59b5ea2b0a961f7c54b5140d3e7fdea8d41d4c7
                        • Instruction Fuzzy Hash: 0341F731618341ABD320F7A19C49BAF3BA4AB96704F04493FF941672D1DBBC9949C72E
                        APIs
                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                        • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403871
                        • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403887
                        • __wsplitpath.LIBCMT ref: 004038B2
                          • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                        • _wcscpy.LIBCMT ref: 004038C7
                        • _wcscat.LIBCMT ref: 004038DC
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 004038EC
                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                          • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                          • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                          • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                          • Part of subcall function 00403F40: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,0040397D,?,?,00000010), ref: 00403F54
                          • Part of subcall function 00403F40: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,00000010), ref: 00403F8B
                        • _wcscpy.LIBCMT ref: 004039C2
                        • _wcslen.LIBCMT ref: 00403A53
                        • _wcslen.LIBCMT ref: 00403AAA
                        Strings
                        • #include depth exceeded. Make sure there are no recursive includes, xrefs: 0042B87B
                        • Error opening the file, xrefs: 0042B8AC
                        • _, xrefs: 00403B48
                        • Unterminated string, xrefs: 0042B9BA
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpy$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_wcscatstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                        • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                        • API String ID: 4115725249-188983378
                        • Opcode ID: e410348e96554644cb024ebf95e8b2d2088fffc0e8404256067a24ee959a0054
                        • Instruction ID: dca64db042171ec5605b2d10b6a92a42a2076cc25022adee7b8115af8a15fc96
                        • Opcode Fuzzy Hash: e410348e96554644cb024ebf95e8b2d2088fffc0e8404256067a24ee959a0054
                        • Instruction Fuzzy Hash: 16D1D5B15083019AD710EF65C841AEB77E8AF95308F04492FF5C563292DB78DA49C7AB
                        APIs
                        • FindFirstFileW.KERNEL32(?,?), ref: 00434C12
                        • GetFileAttributesW.KERNEL32(?), ref: 00434C4F
                        • SetFileAttributesW.KERNEL32(?,?), ref: 00434C65
                        • FindNextFileW.KERNEL32(00000000,?), ref: 00434C77
                        • FindClose.KERNEL32(00000000), ref: 00434C88
                        • FindClose.KERNEL32(00000000), ref: 00434C9C
                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00434CB7
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00434CFE
                        • SetCurrentDirectoryW.KERNEL32(0048A090), ref: 00434D22
                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00434D2A
                        • FindClose.KERNEL32(00000000), ref: 00434D35
                        • FindClose.KERNEL32(00000000), ref: 00434D43
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                        • String ID: *.*
                        • API String ID: 1409584000-438819550
                        • Opcode ID: 55a9fa3bdb603958be151e0ad833d8004315071fb05557dfda8e1c4e562a15c1
                        • Instruction ID: 399dbb17912f16e5170155dcc5475d9346bc7ba5aa4a4c8a0ea4d4714b2c7a66
                        • Opcode Fuzzy Hash: 55a9fa3bdb603958be151e0ad833d8004315071fb05557dfda8e1c4e562a15c1
                        • Instruction Fuzzy Hash: 4141D8726042086BD710EF64DC45AEFB3A8AAC9311F14592FFD54C3280EB79E915C7B9
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Timetime$Sleep
                        • String ID: BUTTON
                        • API String ID: 4176159691-3405671355
                        • Opcode ID: c9fcf2e0d9fa6a0073e84c27d550d5c6e5d49d4b0adb2218bf3fff485548fdb5
                        • Instruction ID: 32c89cc89acb3c111fc3cc5f781edb0c57d51ec263d79eeef99f8852f1a29925
                        • Opcode Fuzzy Hash: c9fcf2e0d9fa6a0073e84c27d550d5c6e5d49d4b0adb2218bf3fff485548fdb5
                        • Instruction Fuzzy Hash: CB21B7723843016BE330DB74FD4DF5A7B94A7A5B51F244876F600E6290D7A5D442876C
                        APIs
                          • Part of subcall function 004392BC: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 004392DE
                          • Part of subcall function 004392BC: GetLastError.KERNEL32 ref: 004392E4
                          • Part of subcall function 004392BC: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0043930B
                          • Part of subcall function 0043928B: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004392A5
                        • GetSecurityDescriptorDacl.ADVAPI32(?,00000004,?,?,?,?), ref: 00445E4B
                        • _memset.LIBCMT ref: 00445E61
                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00445E83
                        • GetLengthSid.ADVAPI32(?), ref: 00445E92
                        • GetAce.ADVAPI32(?,00000000,?,?,00000018), ref: 00445EDE
                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00445EFB
                        • GetLengthSid.ADVAPI32(?,?,00000018), ref: 00445F11
                        • GetLengthSid.ADVAPI32(?,00000008,?,?,00000000,?,00000000), ref: 00445F39
                        • CopySid.ADVAPI32(00000000,?,00000000,?,00000000), ref: 00445F40
                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?,?,00000000,?,00000000), ref: 00445F6E
                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000,?,00000000,?,00000000), ref: 00445F8B
                        • SetUserObjectSecurity.USER32(?,?,?), ref: 00445FA0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast_memset
                        • String ID:
                        • API String ID: 3490752873-0
                        • Opcode ID: b11fc48791dee11005ef1ac308328aec1e94b5ee495351b15ab77ecbbd68b2cc
                        • Instruction ID: 491154c1e478dcf6c9ac3cbca3c2c9e2645d4ee7bbdc2abf5fae4ada557f6fe4
                        • Opcode Fuzzy Hash: b11fc48791dee11005ef1ac308328aec1e94b5ee495351b15ab77ecbbd68b2cc
                        • Instruction Fuzzy Hash: 85519D71108301ABD610DF61CD84E6FB7E9AFC9B04F04491EFA869B242D778E909C76B
                        APIs
                        • OleInitialize.OLE32(00000000), ref: 0047AA03
                        • CLSIDFromProgID.OLE32(00000000,?), ref: 0047AA27
                        • CoCreateInstance.OLE32(?,00000000,00000005,004829C0,?), ref: 0047AAAA
                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0047AB6B
                        • _memset.LIBCMT ref: 0047AB7C
                        • _wcslen.LIBCMT ref: 0047AC68
                        • _memset.LIBCMT ref: 0047ACCD
                        • CoCreateInstanceEx.OLE32 ref: 0047AD06
                        • CoSetProxyBlanket.OLE32(004829D0,?,?,?,?,?,?,00000800), ref: 0047AD53
                        Strings
                        • NULL Pointer assignment, xrefs: 0047AD84
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CreateInitializeInstance_memset$BlanketFromProgProxySecurity_wcslen
                        • String ID: NULL Pointer assignment
                        • API String ID: 1588287285-2785691316
                        • Opcode ID: 40e9c8eb680feb4042e694522f3113d29542bf103086fe34e1494599e09369de
                        • Instruction ID: 16786b45dbc5194aa398acfc0f0ff3b91b98a178c64a073a91da7f4e0cb75f58
                        • Opcode Fuzzy Hash: 40e9c8eb680feb4042e694522f3113d29542bf103086fe34e1494599e09369de
                        • Instruction Fuzzy Hash: 54B10DB15083409FD320EF65C881B9FB7E8BBC8744F108E2EF58997291D7759948CB66
                        APIs
                        • GetCurrentProcess.KERNEL32(00000028,?), ref: 004364B9
                        • OpenProcessToken.ADVAPI32(00000000), ref: 004364C0
                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004364D6
                        • AdjustTokenPrivileges.ADVAPI32 ref: 004364FE
                        • GetLastError.KERNEL32 ref: 00436504
                        • ExitWindowsEx.USER32(?,00000000), ref: 00436527
                        • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,00000001), ref: 00436557
                        • SetSystemPowerState.KERNEL32(00000001,00000000), ref: 0043656A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
                        • String ID: SeShutdownPrivilege
                        • API String ID: 2938487562-3733053543
                        • Opcode ID: 9f228ad1da6a4c81f8cb5394189ecc1147849337ed66d96e43b1ced3868a671c
                        • Instruction ID: b625d7910520021a286729d09db348b3c4b0b131b75d5259d4bd29649b467962
                        • Opcode Fuzzy Hash: 9f228ad1da6a4c81f8cb5394189ecc1147849337ed66d96e43b1ced3868a671c
                        • Instruction Fuzzy Hash: E021D5B02803017FF7149B64DD4AF6B3398EB48B10F948829FE09852D2D6BDE844973D
                        APIs
                        • __swprintf.LIBCMT ref: 00436162
                        • __swprintf.LIBCMT ref: 00436176
                          • Part of subcall function 0041353A: __woutput_l.LIBCMT ref: 0041358F
                        • __wcsicoll.LIBCMT ref: 00436185
                        • FindResourceW.KERNEL32(?,?,0000000E), ref: 004361A6
                        • LoadResource.KERNEL32(?,00000000), ref: 004361AE
                        • LockResource.KERNEL32(00000000), ref: 004361B5
                        • FindResourceW.KERNEL32(?,?,00000003), ref: 004361DA
                        • LoadResource.KERNEL32(?,00000000), ref: 004361E4
                        • SizeofResource.KERNEL32(?,00000000), ref: 004361F0
                        • LockResource.KERNEL32(?), ref: 004361FD
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll__woutput_l
                        • String ID:
                        • API String ID: 2406429042-0
                        • Opcode ID: c1b2c305ea449a9eaa2c50be24a6d356ee30b865a6e7eb3c9e4c44cc17d92184
                        • Instruction ID: 79d88324f8a28cdfdddc37bd7103cac5134eefaeeaedb246b69d205017f9fa0d
                        • Opcode Fuzzy Hash: c1b2c305ea449a9eaa2c50be24a6d356ee30b865a6e7eb3c9e4c44cc17d92184
                        • Instruction Fuzzy Hash: 82313432104210BFD700EF64ED88EAF77A9FB89304F00882BFA4196150E778D940CB68
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 0045D522
                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D593
                        • GetLastError.KERNEL32 ref: 0045D59D
                        • SetErrorMode.KERNEL32(?), ref: 0045D629
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Error$Mode$DiskFreeLastSpace
                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                        • API String ID: 4194297153-14809454
                        • Opcode ID: 49e0e17e9479d30b414134c7f78092e00673ae1a45d158f41d80208550ba4cb8
                        • Instruction ID: 49a1caac5541b587bc648ef7caa6256b54369420b38b3993b587487a6931f65b
                        • Opcode Fuzzy Hash: 49e0e17e9479d30b414134c7f78092e00673ae1a45d158f41d80208550ba4cb8
                        • Instruction Fuzzy Hash: BA31AD75A083009FC310EF55D98090BB7E1AF89315F448D6FF94997362D778E9068B6A
                        APIs
                        • MkParseDisplayName.OLE32(?,00000000,?,?), ref: 0047AF0F
                          • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                        • OleInitialize.OLE32(00000000), ref: 0047AE06
                          • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                          • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                        • _wcslen.LIBCMT ref: 0047AE18
                        • CreateBindCtx.OLE32(00000000,?), ref: 0047AEC2
                        • CLSIDFromProgID.OLE32(00000000,?,?), ref: 0047AFCC
                        • GetActiveObject.OLEAUT32(?,00000000,?), ref: 0047AFF9
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CopyVariant$_wcslen$ActiveBindCreateDisplayErrorFromInitializeLastNameObjectParseProg_wcscpy
                        • String ID: HH
                        • API String ID: 1915432386-2761332787
                        • Opcode ID: e5cc958d5f324366fbee3d2ecbe33304f19c15b46d8e68c756c5eb73bbadfcb0
                        • Instruction ID: 7e3b4e38c6064d991530b19baaff212313fd3e9d55f264e0ba959e8ba912c45c
                        • Opcode Fuzzy Hash: e5cc958d5f324366fbee3d2ecbe33304f19c15b46d8e68c756c5eb73bbadfcb0
                        • Instruction Fuzzy Hash: 6C915C71604301ABD710EB65CC85F9BB3E8AFC8714F10892EF64597291EB78E909CB5A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID: DEFINE$`$h$h
                        • API String ID: 0-4194577831
                        • Opcode ID: 924177e0c3576f85a96b78a37b3c3cedf46843da4e7c3acb3e3d7f55582469aa
                        • Instruction ID: b1cbab3e2140d6a963e4b85c5b61650905c2e88cbb7a9c7ccaf19de07e543520
                        • Opcode Fuzzy Hash: 924177e0c3576f85a96b78a37b3c3cedf46843da4e7c3acb3e3d7f55582469aa
                        • Instruction Fuzzy Hash: 9802A1715083818FE725CF29C88076BBBE2BFD5304F28896EE89587342D779D849CB56
                        APIs
                        • socket.WSOCK32(00000002,00000001,00000006,?,00000000), ref: 004648B0
                        • WSAGetLastError.WSOCK32(00000000,00000002,00000001,00000006,?,00000000), ref: 004648BE
                        • bind.WSOCK32(00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 004648DA
                        • WSAGetLastError.WSOCK32(00000000,00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 004648E6
                        • closesocket.WSOCK32(00000000,00000000,00000000,00000000,00000005,00000000,?,00000010,00000002,00000001,00000006,?,00000000), ref: 0046492D
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ErrorLast$bindclosesocketsocket
                        • String ID:
                        • API String ID: 2609815416-0
                        • Opcode ID: f055706b1daf61e2065e9fedb91be4565bf8eae27f8502184711caae908a2a6c
                        • Instruction ID: d240999dee57073d64b91b26c15bb406cb7727aead8f71c00845428af50f987f
                        • Opcode Fuzzy Hash: f055706b1daf61e2065e9fedb91be4565bf8eae27f8502184711caae908a2a6c
                        • Instruction Fuzzy Hash: C731CB712002009BD710FF2ADC81B6BB3E8EF85724F144A5FF594A72D2D779AC85876A
                        APIs
                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00437043
                        • Process32FirstW.KERNEL32(00000000,00000002), ref: 00437050
                        • Process32NextW.KERNEL32(00000000,?), ref: 00437075
                        • __wsplitpath.LIBCMT ref: 004370A5
                          • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                        • _wcscat.LIBCMT ref: 004370BA
                        • __wcsicoll.LIBCMT ref: 004370C8
                        • CloseHandle.KERNEL32(00000000,?), ref: 00437105
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                        • String ID:
                        • API String ID: 2547909840-0
                        • Opcode ID: fd838752e9d0606085fad0ec29118efadb7b5f17250a81beb0a2f2c9513d2e10
                        • Instruction ID: d866d71778569fbbd99b025f777f77cc3db9ba9c83dfb601fa45888e96c7797d
                        • Opcode Fuzzy Hash: fd838752e9d0606085fad0ec29118efadb7b5f17250a81beb0a2f2c9513d2e10
                        • Instruction Fuzzy Hash: 9C21A7B20083819BD735DB55C881BEFB7E8BB99304F00491EF5C947241EB79A589CB6A
                        APIs
                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                        • FindFirstFileW.KERNEL32(?,?,?,?,?,00000000), ref: 0045217E
                        • Sleep.KERNEL32(0000000A,?,?,00000000), ref: 004521B2
                        • FindNextFileW.KERNEL32(?,?,?,00000000), ref: 004522AC
                        • FindClose.KERNEL32(?,?,00000000), ref: 004522C3
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Find$File$CloseFirstNextSleep_wcslen
                        • String ID: *.*
                        • API String ID: 2693929171-438819550
                        • Opcode ID: 17936c38af85c1dbfc3d1ebbd0b26446ca2a596e07a4ad84d79ac0689e190811
                        • Instruction ID: e6452ff64139cddd5fd774ab19bf2199aa97b2a19dc0f7115334900b47d689b2
                        • Opcode Fuzzy Hash: 17936c38af85c1dbfc3d1ebbd0b26446ca2a596e07a4ad84d79ac0689e190811
                        • Instruction Fuzzy Hash: BD419D756083409FC314DF25C984A9FB7E4BF86305F04491FF98993291DBB8E949CB5A
                        APIs
                        • OpenClipboard.USER32(?), ref: 0046C635
                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046C643
                        • GetClipboardData.USER32(0000000D), ref: 0046C64F
                        • CloseClipboard.USER32 ref: 0046C65D
                        • GlobalLock.KERNEL32(00000000), ref: 0046C688
                        • CloseClipboard.USER32 ref: 0046C692
                        • IsClipboardFormatAvailable.USER32(00000001), ref: 0046C6D5
                        • GetClipboardData.USER32(00000001), ref: 0046C6DD
                        • GlobalLock.KERNEL32(00000000), ref: 0046C6EE
                        • GlobalUnlock.KERNEL32(00000000), ref: 0046C726
                        • CloseClipboard.USER32 ref: 0046C866
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Clipboard$CloseGlobal$AvailableDataFormatLock$OpenUnlock
                        • String ID: HH
                        • API String ID: 589737431-2761332787
                        • Opcode ID: 76419e0badb028214ed7bad9e924c36871e80023f9f647d131bfc03e45e064d3
                        • Instruction ID: 5556deb4c8197336e1b92b5e2a85e957832ef7964462d916cb468ff193882e13
                        • Opcode Fuzzy Hash: 76419e0badb028214ed7bad9e924c36871e80023f9f647d131bfc03e45e064d3
                        • Instruction Fuzzy Hash: 7301F5762042005FC300AFB9ED45B6A7BA4EF59704F04097FF980A72C1EBB1E915C7AA
                        APIs
                        • __wcsicoll.LIBCMT ref: 0043643C
                        • mouse_event.USER32(00000800,00000000,00000000,00000078,00000000), ref: 00436452
                        • __wcsicoll.LIBCMT ref: 00436466
                        • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 0043647C
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __wcsicollmouse_event
                        • String ID: DOWN
                        • API String ID: 1033544147-711622031
                        • Opcode ID: 8e71a22f1bb6dc727f393f419cee3c46fab46d9365d91d475c80ba63e0095046
                        • Instruction ID: 8a73d33e481528181e274ae5662561dddcd8f7088196b39fde8242b6fe69d79f
                        • Opcode Fuzzy Hash: 8e71a22f1bb6dc727f393f419cee3c46fab46d9365d91d475c80ba63e0095046
                        • Instruction Fuzzy Hash: 75E0927558872039FC4036253C02FFB174CAB66796F018116FE00D1291EA586D865BBD
                        APIs
                          • Part of subcall function 004647A2: inet_addr.WSOCK32(?), ref: 004647C7
                        • socket.WSOCK32(00000002,00000002,00000011,?,00000000), ref: 00474213
                        • WSAGetLastError.WSOCK32(00000000), ref: 00474233
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ErrorLastinet_addrsocket
                        • String ID:
                        • API String ID: 4170576061-0
                        • Opcode ID: c11ce247c64ee683b380b6a697379cd3ea863651eb179087c325b129d43524e0
                        • Instruction ID: 44a7e99483396e6262e636993c5e510db402c36a24f0b6146f21617b09e75fab
                        • Opcode Fuzzy Hash: c11ce247c64ee683b380b6a697379cd3ea863651eb179087c325b129d43524e0
                        • Instruction Fuzzy Hash: B6412C7164030067E720BB3A8C83F5A72D89F40728F144D5EF954BB2C3D6BAAD45475D
                        APIs
                        • GetCursorPos.USER32(004A83D8), ref: 0045636A
                        • ScreenToClient.USER32(004A83D8,?), ref: 0045638A
                        • GetAsyncKeyState.USER32(?), ref: 004563D0
                        • GetAsyncKeyState.USER32(?), ref: 004563DC
                        • GetWindowLongW.USER32(?,000000F0), ref: 00456430
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: AsyncState$ClientCursorLongScreenWindow
                        • String ID:
                        • API String ID: 3539004672-0
                        • Opcode ID: 8b6f1a7d11e91e3692d621cb91ecba55955a7a9a0de246f0cd2a62484a80ce0b
                        • Instruction ID: 0eacbf52c9ff4b21db6d2500407d28a57be55752a0539e191fb639d8ee6a043b
                        • Opcode Fuzzy Hash: 8b6f1a7d11e91e3692d621cb91ecba55955a7a9a0de246f0cd2a62484a80ce0b
                        • Instruction Fuzzy Hash: 8E416071108341ABD724DF55CD84EBBB7E9EF86725F540B0EB8A543281C734A848CB6A
                        APIs
                          • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                        • IsWindowVisible.USER32 ref: 00477314
                        • IsWindowEnabled.USER32 ref: 00477324
                        • GetForegroundWindow.USER32(?,?,?,00000001,?,?), ref: 00477331
                        • IsIconic.USER32 ref: 0047733F
                        • IsZoomed.USER32 ref: 0047734D
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                        • String ID:
                        • API String ID: 292994002-0
                        • Opcode ID: 1c24098bd8cb9da3f496229370c910df04dc27541171caa4f2956f9c30b83eee
                        • Instruction ID: c753cb395bd8887e5e04db90522a3107d7308fd2cfa588f53a4db7a4177bc043
                        • Opcode Fuzzy Hash: 1c24098bd8cb9da3f496229370c910df04dc27541171caa4f2956f9c30b83eee
                        • Instruction Fuzzy Hash: 351172327041119BE3209B26DD05B9FB7A8AF91310F05882EFC49E7250D7B8EC42D7A9
                        APIs
                        • CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000,75923220,00000000,00000000,00442E95,?,?,?), ref: 00436D4F
                        • SetFileTime.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 00436D8C
                        • CloseHandle.KERNEL32(00000000,?,?,?,00000000), ref: 00436D93
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: File$CloseCreateHandleTime
                        • String ID:
                        • API String ID: 3397143404-0
                        • Opcode ID: 17e11168520f802dddbe8c477e19047108492bf153e6cd976562f268bfda3e60
                        • Instruction ID: bce1a9391340f9688fe0750810cd2cb1b104417d8b3c1e96578cdf6de8724fbd
                        • Opcode Fuzzy Hash: 17e11168520f802dddbe8c477e19047108492bf153e6cd976562f268bfda3e60
                        • Instruction Fuzzy Hash: A4F0C83634132077E5301A69AC8DFCF276CABDAB32F20452EF741A61C083D51445977D
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _strncmp
                        • String ID: ACCEPT$^$h
                        • API String ID: 909875538-4263704089
                        • Opcode ID: adbbb77bd847cefbadd23aa8e42bde8f813033e7c46a43322acc698efb747d92
                        • Instruction ID: 72a2cba82410d8b1d90f72ff5cad5771b474d57714a55a9933f2c727144888ce
                        • Opcode Fuzzy Hash: adbbb77bd847cefbadd23aa8e42bde8f813033e7c46a43322acc698efb747d92
                        • Instruction Fuzzy Hash: AE22A0746083818FE725CF29C48076BBBE2BFC9304F24896EE8D587351D779984ACB56
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID: ERCP$VUUU$VUUU$VUUU
                        • API String ID: 0-2165971703
                        • Opcode ID: fe5f619ecbbb89e409f3ebcf557090f4afc22d0cdf4dbad8df8e547bb5c0b5b7
                        • Instruction ID: 514654dd073cfe12bfc68f6c44a091d7a3824994b709b832431b3f3de6bbd106
                        • Opcode Fuzzy Hash: fe5f619ecbbb89e409f3ebcf557090f4afc22d0cdf4dbad8df8e547bb5c0b5b7
                        • Instruction Fuzzy Hash: 5562D3716087818BE734CF18C8807ABB7E1EBC6314F154A2FE49986390E779D949CB5B
                        APIs
                        • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045C9BE
                        • FindNextFileW.KERNEL32(00000000,?), ref: 0045CA1B
                        • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CA4A
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Find$File$CloseFirstNext
                        • String ID:
                        • API String ID: 3541575487-0
                        • Opcode ID: 14602e3ddb85434cb4a191148b4ac58dc13c9e22f939418703ff5d8e88b69fcb
                        • Instruction ID: 18858b47483a38653cd59612877c1399ad483e9f26b014a4aa46912757e3bc7b
                        • Opcode Fuzzy Hash: 14602e3ddb85434cb4a191148b4ac58dc13c9e22f939418703ff5d8e88b69fcb
                        • Instruction Fuzzy Hash: EC41CE756003009FC720EF79D880A9BB3E4FF89315F208A6EED698B391D775A844CB95
                        APIs
                        • GetFileAttributesW.KERNEL32(00000001,00000000), ref: 00436AEF
                        • FindFirstFileW.KERNEL32(00000001,?), ref: 00436B00
                        • FindClose.KERNEL32(00000000), ref: 00436B13
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: FileFind$AttributesCloseFirst
                        • String ID:
                        • API String ID: 48322524-0
                        • Opcode ID: 9dc85b775151a348b3ed896f2b5842869c214baa03f23a1e311506cc1954de59
                        • Instruction ID: 417b6d6de692ea6945bae3bf725251b28653fd5bce93257cef0f58e2a105c1b1
                        • Opcode Fuzzy Hash: 9dc85b775151a348b3ed896f2b5842869c214baa03f23a1e311506cc1954de59
                        • Instruction Fuzzy Hash: 23E02236804418678600AB7CAC0C4EE779CDB0A335F100B96FE38C21D0D775A9408FEA
                        APIs
                        • __time64.LIBCMT ref: 004433A2
                          • Part of subcall function 00414CEF: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004341DB,00000000,?,0044248A,?,?,?,0048B850), ref: 00414CFA
                          • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Time$FileSystem__aulldiv__time64
                        • String ID: rJ
                        • API String ID: 2893107130-1865492326
                        • Opcode ID: e603e75d0767fd135478995c8e8d26e9f594f0c4df67822259ddb38eb763753e
                        • Instruction ID: ebc1a5536eae3429eadb0b33e849de59894c076497330b79c1ff8485d89898ec
                        • Opcode Fuzzy Hash: e603e75d0767fd135478995c8e8d26e9f594f0c4df67822259ddb38eb763753e
                        • Instruction Fuzzy Hash: B721A2336205108BF321CF36CC41652B7E7EBE0314F268A6AE4A5973C5CA797906CB98
                        APIs
                        • __time64.LIBCMT ref: 004433A2
                          • Part of subcall function 00414CEF: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004341DB,00000000,?,0044248A,?,?,?,0048B850), ref: 00414CFA
                          • Part of subcall function 00414CEF: __aulldiv.LIBCMT ref: 00414D1A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Time$FileSystem__aulldiv__time64
                        • String ID: rJ
                        • API String ID: 2893107130-1865492326
                        • Opcode ID: e8e365b2ab883cc854990c78a2143569adcb81f7322f31e235de15ec19987b7e
                        • Instruction ID: 4b4e0c3debee0a45c2bc781276f994e79ac96c452fb6cf924f1e6ade5adf298d
                        • Opcode Fuzzy Hash: e8e365b2ab883cc854990c78a2143569adcb81f7322f31e235de15ec19987b7e
                        • Instruction Fuzzy Hash: E82187336345108BF321CF36CC4165277E3EBE0314B258B6AD4A5973C5CA797906CB88
                        APIs
                        • InternetQueryDataAvailable.WININET(?,?,?,?,00000000,00000000), ref: 004428C2
                        • InternetReadFile.WININET(?,00000000,?,?), ref: 004428F9
                          • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Internet$AvailableDataErrorFileLastQueryRead
                        • String ID:
                        • API String ID: 901099227-0
                        • Opcode ID: 0771251b70b9bd68c35fac6f7da5b5f16004994504cb59d35d549d3fc14a9ba4
                        • Instruction ID: 2c15810e60b1cb59304632cc8162977c32d0240baa2dcf3c2cd6ef22f942a6bb
                        • Opcode Fuzzy Hash: 0771251b70b9bd68c35fac6f7da5b5f16004994504cb59d35d549d3fc14a9ba4
                        • Instruction Fuzzy Hash: 452174B12043016BF220EF56DD45FAFB3E8ABD4715F40492EF285A6180D7B8E949C76A
                        APIs
                        • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045DDA1
                        • FindClose.KERNEL32(00000000), ref: 0045DDDD
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Find$CloseFileFirst
                        • String ID:
                        • API String ID: 2295610775-0
                        • Opcode ID: eac1d012b3ae473636f11b903683455954ec17c127a785734040b224e9a5f79e
                        • Instruction ID: 3577cc1601137e614a3334ffa73c6d258275d41fe8d72aaca367a27ef3e2a016
                        • Opcode Fuzzy Hash: eac1d012b3ae473636f11b903683455954ec17c127a785734040b224e9a5f79e
                        • Instruction Fuzzy Hash: DE11E5766002049FD710EF6ADC89A5AF7E5EF84325F10892EF958D7281CB75E8048B94
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID: 0vH$HH
                        • API String ID: 0-728391547
                        • Opcode ID: 96d535d6e61c6cd6e5d21badf476ce2a2faa32e114d6f0ae27a3d334794412dd
                        • Instruction ID: 538a6706abcc28c04bdc151be30d2aa4e2083a8dfdfa6c30a7857f36827e6882
                        • Opcode Fuzzy Hash: 96d535d6e61c6cd6e5d21badf476ce2a2faa32e114d6f0ae27a3d334794412dd
                        • Instruction Fuzzy Hash: 60E1BE725143109FC310EF25C881A9FB7E5AFC4708F108D2EF589AB281D779E946CB9A
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _memset
                        • String ID:
                        • API String ID: 2102423945-0
                        • Opcode ID: b8def19716de174921965326585c8a0a0c2eba4d3f226f62ebfac136bfb84777
                        • Instruction ID: fac722ae1e10b3ad9494cda40f9fb3e9e62b3c26aea04ddfc6562ea9d2065ebb
                        • Opcode Fuzzy Hash: b8def19716de174921965326585c8a0a0c2eba4d3f226f62ebfac136bfb84777
                        • Instruction Fuzzy Hash: C512B4B7B983194FDB48DEE4DCC169573E1FB98304F09A43C9A15C7306F6E8AA094794
                        APIs
                        • DefDlgProcW.USER32(?,?,?,?,004A83D8,?), ref: 0047E22C
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Proc
                        • String ID:
                        • API String ID: 2346855178-0
                        • Opcode ID: 4f476b527310cd4595d6f2246be334f82b87c4d4a511bc9a4ae10ad49a3a576c
                        • Instruction ID: e1c03c818efbd3cbf3664a0c3e659178dbc9a05004c0f073233894ce1d713c90
                        • Opcode Fuzzy Hash: 4f476b527310cd4595d6f2246be334f82b87c4d4a511bc9a4ae10ad49a3a576c
                        • Instruction Fuzzy Hash: 4EB1E63330602429E114916BBC88EBFBB9CD7D677BB208B7FF142C1582DB5B6425A179
                        APIs
                        • BlockInput.USER32(00000001), ref: 0045A272
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: BlockInput
                        • String ID:
                        • API String ID: 3456056419-0
                        • Opcode ID: f8b7596c9daf0cf449ec099d4cdbafb4be693b9bdeaa48314d03f681346fce8b
                        • Instruction ID: 5d782454ef4d0180448527013755d2523f66e5fc327f68786c1d80a86620ac83
                        • Opcode Fuzzy Hash: f8b7596c9daf0cf449ec099d4cdbafb4be693b9bdeaa48314d03f681346fce8b
                        • Instruction Fuzzy Hash: D2E04F752043019BC700EF71C545A5BB7E4AF94314F108C6EF845A7351D775AC45CB66
                        APIs
                        • LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 0043918E
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: LogonUser
                        • String ID:
                        • API String ID: 1244722697-0
                        • Opcode ID: 365ca9639b26e9c6c56151d88f527b1e4ffaee0f54dfd66c8778d151900be7f4
                        • Instruction ID: 63114e5cfb2c4979e73f5d19eacf740c811f86df1a08bc2cb556a5e36cce81ff
                        • Opcode Fuzzy Hash: 365ca9639b26e9c6c56151d88f527b1e4ffaee0f54dfd66c8778d151900be7f4
                        • Instruction Fuzzy Hash: 8DD0ECB52686066FD204CB24D846E2B77E9A7C4701F008A0CB196D2280C670D805CA32
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: NameUser
                        • String ID:
                        • API String ID: 2645101109-0
                        • Opcode ID: b783c70369e54a54257db95ea8fbffa2a0b511f3d9d58af1a6b6f1143851980f
                        • Instruction ID: 8011c19b6c32d183c263453b2018abc548473ce9ed5616c99acac4896e71f792
                        • Opcode Fuzzy Hash: b783c70369e54a54257db95ea8fbffa2a0b511f3d9d58af1a6b6f1143851980f
                        • Instruction Fuzzy Hash: F6E08C322083058FC310EF55F8405ABB390EB94311F004C3FE64AA2191DA79920EDFAB
                        APIs
                        • SetUnhandledExceptionFilter.KERNEL32(Function_00021FEC), ref: 00422033
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ExceptionFilterUnhandled
                        • String ID:
                        • API String ID: 3192549508-0
                        • Opcode ID: 299f58dbcf75cd09f1fee721c9404e411c3f17cf80a1a40ae63587de51767455
                        • Instruction ID: 3275b40964251646410af8875a24301f93fa315c26af6adae0ca3d0f7a721f84
                        • Opcode Fuzzy Hash: 299f58dbcf75cd09f1fee721c9404e411c3f17cf80a1a40ae63587de51767455
                        • Instruction Fuzzy Hash: CD9002743511144A4A011BB16E5D90925D46A586067920875B411C4064DB9840019619
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                        • Instruction ID: b3f199f19983f506b623bfe7955a95149e6efe4e98ce3416cc40fa12ddcf4508
                        • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                        • Instruction Fuzzy Hash: 46D19073C0A9B30A8735812D42582BFEE626FD578131EC3E29CD07F38AD26B5DA195D4
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                        • Instruction ID: c47bdb3f9c9e38c5d46ddb9e43dedaf70276048770aeb58bd274f21c588a824b
                        • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                        • Instruction Fuzzy Hash: 1CD19073D1A9B30A8735852D42581AFEE626FD578031EC3E2CCD07F38AD16B5DA191D4
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                        • Instruction ID: ac15b8da1a4b082d71a0b082c8349c97121379a14580263daf363e6ab8f75410
                        • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                        • Instruction Fuzzy Hash: 87C18173C0A9B30A8736812D42641AFEE626FD579031FC3E2CCD47F38A91AB5DA195D4
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                        • Instruction ID: aa957cafbedeae1199dea6a597ba911d219650f283d164fb65797e90308ef47b
                        • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                        • Instruction Fuzzy Hash: 5FC18E73D0A9B30A8735812D42581AFEE626FD578031EC3E28CE46F38ED26F5DA195D4
                        Memory Dump Source
                        • Source File: 00000000.00000002.2264943382.0000000003F11000.00000040.00000020.00020000.00000000.sdmp, Offset: 03F11000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_3f11000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                        • Instruction ID: 65491252a1f23401c941d66611a9af3b8531c79d91055b82f4454250e110a6a8
                        • Opcode Fuzzy Hash: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                        • Instruction Fuzzy Hash: 5641C171D1051CEBCF48CFADC991AAEFBF2AF88201F548299D516AB345D730AB41DB80
                        Memory Dump Source
                        • Source File: 00000000.00000002.2264943382.0000000003F11000.00000040.00000020.00020000.00000000.sdmp, Offset: 03F11000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_3f11000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                        • Instruction ID: dce6d5bade63163ad455988e46a9dcd17aa31dcba053f8b8486b11ce1dc1d99a
                        • Opcode Fuzzy Hash: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                        • Instruction Fuzzy Hash: A9019278E10209EFCB58DF99D5909AEF7B5FB88310F208599DC09A7705D730AE51DB80
                        Memory Dump Source
                        • Source File: 00000000.00000002.2264943382.0000000003F11000.00000040.00000020.00020000.00000000.sdmp, Offset: 03F11000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_3f11000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                        • Instruction ID: f3a4e5ba5050bd691cbe42cbdc505189fb4ebed44b67a15cc5af7f40e60c8639
                        • Opcode Fuzzy Hash: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                        • Instruction Fuzzy Hash: B9019278E10209EFCB44DF99D5909AEF7B5FB88310F248599E809A7305D730AE51DB80
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 304d221b5688423ebfa6c473264aec07cdb78ae451f757bdd5acbbf2c1e92ad4
                        • Instruction ID: b8cfd58d412160527e66ace840abba843d94ac3f5b06779728c9fe736b8606cc
                        • Opcode Fuzzy Hash: 304d221b5688423ebfa6c473264aec07cdb78ae451f757bdd5acbbf2c1e92ad4
                        • Instruction Fuzzy Hash: ECD012F621844146F33144D866C0BD100437344310FB58C276005CEBC1C0DDECD6C229
                        Memory Dump Source
                        • Source File: 00000000.00000002.2264943382.0000000003F11000.00000040.00000020.00020000.00000000.sdmp, Offset: 03F11000, based on PE: false
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_3f11000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                        • Instruction ID: 2052e7d0eb43af8a57a5c2d707c06396f1b84aee57587abda472ed480d51124b
                        • Opcode Fuzzy Hash: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                        • Instruction Fuzzy Hash: 1AB012310527488BC2118B89E008B1073ECA308E04F1000B0D40C07B01827874008D48
                        APIs
                        • DeleteObject.GDI32(?), ref: 004593D7
                        • DeleteObject.GDI32(?), ref: 004593F1
                        • DestroyWindow.USER32(?), ref: 00459407
                        • GetDesktopWindow.USER32 ref: 0045942A
                        • GetWindowRect.USER32(00000000), ref: 00459431
                        • SetRect.USER32(50000001,00000000,00000000,000001F4,?), ref: 00459568
                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00459577
                        • CreateWindowExW.USER32(?,AutoIt v3,00000000,?,88C00000,?,?,50000001,?,?,00000000,00000000), ref: 004595BB
                        • GetClientRect.USER32(00000000,?), ref: 004595C8
                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 00459615
                        • CreateFileW.KERNEL32(00000000,?,80000000,00000000,00000000,00000003,00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459635
                        • GetFileSize.KERNEL32(00000000,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459654
                        • GlobalAlloc.KERNEL32(00000002,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 0045965F
                        • GlobalLock.KERNEL32(00000000), ref: 00459668
                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459678
                        • GlobalUnlock.KERNEL32(00000000), ref: 0045967F
                        • CloseHandle.KERNEL32(00000000,?,50000001,?,?,00000000,00000000,00000000), ref: 00459686
                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,50000001,?,?,00000000,00000000,00000000), ref: 00459694
                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,00482A20,000001F4), ref: 004596AD
                        • GlobalFree.KERNEL32(00000000), ref: 004596C0
                        • CopyImage.USER32(000000FF,00000000,00000000,00000000,00002000), ref: 004596EF
                        • SendMessageW.USER32(00000000,00000172,00000000,000000FF), ref: 00459712
                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,50000001,?,?,00000000,00000000,00000000), ref: 0045973D
                        • ShowWindow.USER32(?,00000004,?,50000001,?,?,00000000,00000000,00000000), ref: 0045974B
                        • CreateWindowExW.USER32(00000000,static,00000000,?,?,0000000B,0000000B,?,?,?,00000000,00000000), ref: 0045979C
                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004597AD
                        • GetStockObject.GDI32(00000011), ref: 004597B7
                        • SelectObject.GDI32(00000000,00000000), ref: 004597BF
                        • GetTextFaceW.GDI32(00000000,00000040,00000190,?,50000001,?,?,00000000,00000000,00000000), ref: 004597CD
                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004597D6
                        • DeleteDC.GDI32(00000000), ref: 004597E1
                        • _wcslen.LIBCMT ref: 00459800
                        • _wcscpy.LIBCMT ref: 0045981F
                        • CreateFontW.GDI32(?,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,00000190), ref: 004598BB
                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 004598D0
                        • GetDC.USER32(?), ref: 004598DE
                        • SelectObject.GDI32(00000000,?), ref: 004598EE
                        • SelectObject.GDI32(00000000,?), ref: 00459919
                        • ReleaseDC.USER32(?,00000000), ref: 00459925
                        • MoveWindow.USER32(?,0000000B,?,?,?,00000001), ref: 00459943
                        • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,00000190), ref: 00459951
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$Create$Object$Global$Rect$DeleteFileSelect$MessageSendShow$AdjustAllocCapsClientCloseCopyDesktopDestroyDeviceFaceFontFreeHandleImageLoadLockMovePictureReadReleaseSizeStockStreamTextUnlock_wcscpy_wcslen
                        • String ID: $AutoIt v3$DISPLAY$static
                        • API String ID: 4040870279-2373415609
                        • Opcode ID: d6fd8d7be04635d93ea84c38fc4cb072183cdb5133bdcfdddae5d23db1010fc6
                        • Instruction ID: fce7466cc8f2b4b34a2e278d60cb4f704f90ff1017bfb666dbfc83d8aba9d67a
                        • Opcode Fuzzy Hash: d6fd8d7be04635d93ea84c38fc4cb072183cdb5133bdcfdddae5d23db1010fc6
                        • Instruction Fuzzy Hash: 3F028C70204301EFD714DF64DE89F2BB7A8AB84705F104A2DFA45AB2D2D7B4E805CB69
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __wcsnicmp
                        • String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
                        • API String ID: 1038674560-3360698832
                        • Opcode ID: 87a66eadcaf8420a9e8e1157d1f7c7fd58aef90dc088af7a86e197dee8fb1ec4
                        • Instruction ID: b6083b7aed1673b33e689ff2aa7e8f17f47d7310e90ec65f4167159f85ee96f3
                        • Opcode Fuzzy Hash: 87a66eadcaf8420a9e8e1157d1f7c7fd58aef90dc088af7a86e197dee8fb1ec4
                        • Instruction Fuzzy Hash: 5A611471B4071076EA306A229C46FAB735CDF14345F50052FFC01A628BE7ADDA4A86EE
                        APIs
                        • GetSysColor.USER32(0000000E), ref: 00433D81
                        • SetTextColor.GDI32(?,00000000), ref: 00433D89
                        • GetSysColor.USER32(00000012), ref: 00433DA3
                        • SetTextColor.GDI32(?,?), ref: 00433DAB
                        • GetSysColorBrush.USER32(0000000F), ref: 00433DBF
                        • GetSysColor.USER32(0000000F), ref: 00433DCB
                        • CreateSolidBrush.GDI32(?), ref: 00433DD4
                        • GetSysColor.USER32(00000011), ref: 00433DEB
                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00433DFD
                        • SelectObject.GDI32(?,00000000), ref: 00433E0D
                        • SetBkColor.GDI32(?,?), ref: 00433E19
                        • SelectObject.GDI32(?,?), ref: 00433E29
                        • InflateRect.USER32(?,000000FF,000000FF), ref: 00433E54
                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00433E73
                        • GetWindowLongW.USER32 ref: 00433E8A
                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00433EAC
                        • GetWindowTextW.USER32(00000000,00000000,00000105), ref: 00433EE1
                        • InflateRect.USER32(?,000000FD,000000FD), ref: 00433F13
                        • DrawFocusRect.USER32(?,?), ref: 00433F1F
                        • GetSysColor.USER32(00000011), ref: 00433F2E
                        • SetTextColor.GDI32(?,00000000), ref: 00433F36
                        • DrawTextW.USER32(?,?,000000FF,?,?), ref: 00433F4E
                        • SelectObject.GDI32(?,?), ref: 00433F63
                        • DeleteObject.GDI32(?), ref: 00433F70
                        • SelectObject.GDI32(?,?), ref: 00433F78
                        • DeleteObject.GDI32(00000000), ref: 00433F7B
                        • SetTextColor.GDI32(?,?), ref: 00433F83
                        • SetBkColor.GDI32(?,?), ref: 00433F8F
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                        • String ID:
                        • API String ID: 1582027408-0
                        • Opcode ID: 697ef1e2b469c7a94178de5208286552364449c38c8500f3df1fcdb24db8d4eb
                        • Instruction ID: aa454ab644ffbff4d2185aee23397a25bdbdaef3ad5a75b83a3ebbbeed3afe32
                        • Opcode Fuzzy Hash: 697ef1e2b469c7a94178de5208286552364449c38c8500f3df1fcdb24db8d4eb
                        • Instruction Fuzzy Hash: 53710570508340AFD304DF68DD88A6FBBF9FF89711F104A2DFA5592290D7B4E9418B6A
                        APIs
                        • OpenClipboard.USER32(?), ref: 0046C635
                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046C643
                        • GetClipboardData.USER32(0000000D), ref: 0046C64F
                        • CloseClipboard.USER32 ref: 0046C65D
                        • GlobalLock.KERNEL32(00000000), ref: 0046C688
                        • CloseClipboard.USER32 ref: 0046C692
                        • IsClipboardFormatAvailable.USER32(00000001), ref: 0046C6D5
                        • GetClipboardData.USER32(00000001), ref: 0046C6DD
                        • GlobalLock.KERNEL32(00000000), ref: 0046C6EE
                        • GlobalUnlock.KERNEL32(00000000), ref: 0046C726
                        • CloseClipboard.USER32 ref: 0046C866
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Clipboard$CloseGlobal$AvailableDataFormatLock$OpenUnlock
                        • String ID: HH
                        • API String ID: 589737431-2761332787
                        • Opcode ID: 1f8588b948bb152d659cc961560e711d284fc80ef968a1445fa6f6d22cce4332
                        • Instruction ID: ccec0c76267f611a980a6192e38ed766f4c6ddce8b7f15b38bc446a2cb1d96e7
                        • Opcode Fuzzy Hash: 1f8588b948bb152d659cc961560e711d284fc80ef968a1445fa6f6d22cce4332
                        • Instruction Fuzzy Hash: 4D61E5722003019BD310EF65DD86B5E77A8EF54715F00483EFA41E72D1EBB5D9048BAA
                        APIs
                        • GetCursorPos.USER32(?), ref: 00456692
                        • GetDesktopWindow.USER32 ref: 004566AA
                        • GetWindowRect.USER32(00000000), ref: 004566B1
                        • GetWindowLongW.USER32(?,000000F0), ref: 0045670D
                        • GetWindowLongW.USER32(?,000000F0), ref: 00456720
                        • DestroyWindow.USER32(?), ref: 00456731
                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00456779
                        • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 00456797
                        • SendMessageW.USER32(?,00000439,00000000,0000002C), ref: 004567C0
                        • SendMessageW.USER32(?,00000421,?,?), ref: 004567D8
                        • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 004567EE
                        • IsWindowVisible.USER32(?), ref: 00456812
                        • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 0045682E
                        • SendMessageW.USER32(?,00000411,00000001,0000002C), ref: 00456843
                        • GetWindowRect.USER32(?,?), ref: 0045685C
                        • MonitorFromPoint.USER32(?,?,00000002), ref: 00456880
                        • GetMonitorInfoW.USER32 ref: 00456894
                        • CopyRect.USER32(?,?), ref: 004568A8
                        • SendMessageW.USER32(?,00000412,00000000), ref: 0045690A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$MessageSend$Rect$LongMonitor$CopyCreateCursorDesktopDestroyFromInfoPointVisible
                        • String ID: ($,$tooltips_class32
                        • API String ID: 541082891-3320066284
                        • Opcode ID: 25380f5391d2fe641591a116f81b43842710cc101ecbbf85cfa067c854d9f55a
                        • Instruction ID: 3987ef5f26dee50c6234681dd74380f3ee0746d74ffcadc96223edc745891050
                        • Opcode Fuzzy Hash: 25380f5391d2fe641591a116f81b43842710cc101ecbbf85cfa067c854d9f55a
                        • Instruction Fuzzy Hash: 33B18EB0604341AFD714DF64C984B6BB7E5EF88704F408D2DF989A7292D778E848CB5A
                        APIs
                        • _wcslen.LIBCMT ref: 00454DCF
                        • _wcslen.LIBCMT ref: 00454DE2
                        • __wcsicoll.LIBCMT ref: 00454DEF
                        • _wcslen.LIBCMT ref: 00454E04
                        • __wcsicoll.LIBCMT ref: 00454E11
                        • _wcslen.LIBCMT ref: 00454E24
                        • __wcsicoll.LIBCMT ref: 00454E31
                          • Part of subcall function 004115D0: __wcsicmp_l.LIBCMT ref: 00411657
                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00454E65
                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,?,?,?,?,?,?,?,00000000), ref: 00454E79
                        • LoadImageW.USER32(00000000,00000000,?,00000001,?,?), ref: 00454EB7
                        • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00454EFB
                        • LoadImageW.USER32(00000000,00000000,?,00000001,?,?), ref: 00454F2C
                        • FreeLibrary.KERNEL32(00000000), ref: 00454F37
                        • ExtractIconExW.SHELL32(?,00000000,00000000,?,00000001), ref: 00454F94
                        • DestroyIcon.USER32(?), ref: 00454FA2
                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00454FC0
                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00454FCC
                        • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00454FF1
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Load$Image_wcslen$__wcsicoll$IconLibraryMessageSend$DestroyExtractFreeMoveWindow__wcsicmp_l
                        • String ID: .dll$.exe$.icl
                        • API String ID: 2511167534-1154884017
                        • Opcode ID: 3f138871eb6b7f703bfd118eaab481945a2915db6d26b5ab3e2ea40d00a2935e
                        • Instruction ID: 777b7c61fe84a0ac0f88e3bb9536c5d4e291b97e4b5026f6b39318954af55ba4
                        • Opcode Fuzzy Hash: 3f138871eb6b7f703bfd118eaab481945a2915db6d26b5ab3e2ea40d00a2935e
                        • Instruction Fuzzy Hash: D461D9711043016AE620DF659D85F7B73ECEF84B0AF00481EFE81D5182E7B9A989C77A
                        APIs
                        • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00436B4E
                        • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000), ref: 00436B73
                        • _wcslen.LIBCMT ref: 00436B79
                        • _wcscpy.LIBCMT ref: 00436B9F
                        • _wcscat.LIBCMT ref: 00436BC0
                        • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 00436BE7
                        • _wcscat.LIBCMT ref: 00436C2A
                        • _wcscat.LIBCMT ref: 00436C31
                        • __wcsicoll.LIBCMT ref: 00436C4B
                        • _wcsncpy.LIBCMT ref: 00436C62
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _wcscat$FileInfoVersion$QuerySizeValue__wcsicoll_wcscpy_wcslen_wcsncpy
                        • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                        • API String ID: 1503153545-1459072770
                        • Opcode ID: 4bf5914395717010b0ea9e2d69638f6034391d2624482ee6cf2f9dbb9f61e865
                        • Instruction ID: f4118b49cd66f9fee818cdfc0bae26735a4a754b0a3131160812af9443992caa
                        • Opcode Fuzzy Hash: 4bf5914395717010b0ea9e2d69638f6034391d2624482ee6cf2f9dbb9f61e865
                        • Instruction Fuzzy Hash: B54115B264020137D200B7269C83EFF735CDE99715F54091FFE45A2253FA2EA69642BE
                        APIs
                          • Part of subcall function 004431E0: __time64.LIBCMT ref: 004431EA
                        • _fseek.LIBCMT ref: 004527FC
                        • __wsplitpath.LIBCMT ref: 0045285C
                        • _wcscpy.LIBCMT ref: 00452871
                        • _wcscat.LIBCMT ref: 00452886
                        • __wsplitpath.LIBCMT ref: 004528B0
                        • _wcscat.LIBCMT ref: 004528C8
                        • _wcscat.LIBCMT ref: 004528DD
                        • __fread_nolock.LIBCMT ref: 00452914
                        • __fread_nolock.LIBCMT ref: 00452925
                        • __fread_nolock.LIBCMT ref: 00452944
                        • __fread_nolock.LIBCMT ref: 00452955
                        • __fread_nolock.LIBCMT ref: 00452976
                        • __fread_nolock.LIBCMT ref: 00452987
                        • __fread_nolock.LIBCMT ref: 00452998
                        • __fread_nolock.LIBCMT ref: 004529A9
                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004523ED
                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 00452432
                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045244F
                          • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 0045247D
                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 0045248E
                          • Part of subcall function 004523CE: __fread_nolock.LIBCMT ref: 004524AB
                          • Part of subcall function 004523CE: _wcscpy.LIBCMT ref: 004524D9
                        • __fread_nolock.LIBCMT ref: 00452A39
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __fread_nolock$_wcscat_wcscpy$__wsplitpath$__time64_fseek
                        • String ID:
                        • API String ID: 2054058615-0
                        • Opcode ID: 983239acf030dd5dbcb525efe1f3094d5bf78e470c43ee0c462dc16c64ee25c2
                        • Instruction ID: 66779ec6e5012556871fefb3c18d5d4f0449fb8b445ab61f685bb60241e2a5ae
                        • Opcode Fuzzy Hash: 983239acf030dd5dbcb525efe1f3094d5bf78e470c43ee0c462dc16c64ee25c2
                        • Instruction Fuzzy Hash: 16C14EB2508340ABD320DF65C881EEBB7E8EFC9714F444D2FF68987241E6799544CBA6
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID: 0
                        • API String ID: 0-4108050209
                        • Opcode ID: 832d7dfe82571d46151d64c4ba74b7ae12496bc5cddea04242c0c379dd164914
                        • Instruction ID: a4e6889c8706d2a682ad3cc8acca51b009283e1ae9b51da70db0806919efebf9
                        • Opcode Fuzzy Hash: 832d7dfe82571d46151d64c4ba74b7ae12496bc5cddea04242c0c379dd164914
                        • Instruction Fuzzy Hash: 95C104723403416BF3209B64DC46FBBB794EB95321F04453FFA45D62C1EBBA9409876A
                        APIs
                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                        • GetWindowRect.USER32(?,?), ref: 004701EA
                        • GetClientRect.USER32(?,?), ref: 004701FA
                        • GetSystemMetrics.USER32(00000007), ref: 00470202
                        • GetSystemMetrics.USER32(00000008), ref: 00470216
                        • GetSystemMetrics.USER32(00000004), ref: 00470238
                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0047026B
                        • GetSystemMetrics.USER32(00000007), ref: 00470273
                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004702A0
                        • GetSystemMetrics.USER32(00000008), ref: 004702A8
                        • GetSystemMetrics.USER32(00000004), ref: 004702CF
                        • SetRect.USER32(?,00000000,00000000,?,?), ref: 004702F1
                        • AdjustWindowRectEx.USER32(?,?,00000000,000000FF), ref: 00470304
                        • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 0047033E
                        • SetWindowLongW.USER32(00000000,000000EB,?), ref: 00470356
                        • GetClientRect.USER32(?,?), ref: 00470371
                        • GetStockObject.GDI32(00000011), ref: 00470391
                        • SendMessageW.USER32(?,00000030,00000000), ref: 0047039D
                        • SetTimer.USER32(00000000,00000000,00000028,Function_00061E7F), ref: 004703C4
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: System$Metrics$Rect$Window$ClientInfoParameters$AdjustCreateLongMessageObjectSendStockTimer_malloc
                        • String ID: AutoIt v3 GUI
                        • API String ID: 867697134-248962490
                        • Opcode ID: 0d702e1f111dc4b461eb7f98f3a5a74387d5f37c8fb6fd827a42ca67ae032642
                        • Instruction ID: 96ed3905d942d8c5c267f8207effb08aff50268186fc7250a269a1908d1679c9
                        • Opcode Fuzzy Hash: 0d702e1f111dc4b461eb7f98f3a5a74387d5f37c8fb6fd827a42ca67ae032642
                        • Instruction Fuzzy Hash: 27B19F71205301AFD324DF68DD45B6BB7E4FB88710F108A2EFA9587290DBB5E844CB5A
                        APIs
                        • SetWindowPos.USER32(004A83D8,00000000,00000000,00000000,00000000,00000000,00000013,004A83D8,?,?), ref: 0044880A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window
                        • String ID: 0
                        • API String ID: 2353593579-4108050209
                        • Opcode ID: ca380a5f1b7b22306afb7d181ee8588f63c71b92ae7430e038360cbc2591eaeb
                        • Instruction ID: 13976ff69904029c6bcd7d6129a783336058688c161485e0dcc644b2654616cc
                        • Opcode Fuzzy Hash: ca380a5f1b7b22306afb7d181ee8588f63c71b92ae7430e038360cbc2591eaeb
                        • Instruction Fuzzy Hash: 94B19DB02443419FF324CF14C889BABBBE4EB89744F14491EF991972D1DBB8E845CB5A
                        APIs
                        • GetSysColor.USER32 ref: 0044A11D
                        • GetClientRect.USER32(?,?), ref: 0044A18D
                        • SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A1A6
                        • GetWindowDC.USER32(?), ref: 0044A1B3
                        • GetPixel.GDI32(00000000,?,?), ref: 0044A1C6
                        • ReleaseDC.USER32(?,00000000), ref: 0044A1D6
                        • GetSysColor.USER32(0000000F), ref: 0044A1EC
                        • GetWindowLongW.USER32(?,000000F0), ref: 0044A207
                        • GetSysColor.USER32(0000000F), ref: 0044A216
                        • GetSysColor.USER32(00000005), ref: 0044A21E
                        • GetWindowDC.USER32 ref: 0044A277
                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A28A
                        • GetPixel.GDI32(00000000,?,00000000), ref: 0044A29F
                        • GetPixel.GDI32(00000000,00000000,?), ref: 0044A2B4
                        • GetPixel.GDI32(00000000,?,?), ref: 0044A2D0
                        • ReleaseDC.USER32(?,00000000), ref: 0044A2D8
                        • SetTextColor.GDI32(00000000,?), ref: 0044A2F6
                        • SetBkMode.GDI32(00000000,00000001), ref: 0044A30A
                        • GetStockObject.GDI32(00000005), ref: 0044A312
                        • SetBkColor.GDI32(00000000,00000000), ref: 0044A328
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
                        • String ID:
                        • API String ID: 1744303182-0
                        • Opcode ID: c697551d262e08263a45fd1ab6b47457a8b4de30e4a023901e5f3e03e0b3260a
                        • Instruction ID: f407f88e1fc9bdd08975b2e96734b256c85d8f08b0ead5e1f8dbf5832e348edb
                        • Opcode Fuzzy Hash: c697551d262e08263a45fd1ab6b47457a8b4de30e4a023901e5f3e03e0b3260a
                        • Instruction Fuzzy Hash: AD6148315442016BE3209B388C88BBFB7A4FB49324F54079EF9A8973D0D7B99C51D76A
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __wcsicoll$__wcsnicmp
                        • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                        • API String ID: 790654849-1810252412
                        • Opcode ID: 3ef763bd77a89c14e9ef14da431a542ecfa9ee53dca0875bc5fd58ba0035de2e
                        • Instruction ID: 1b62209f2aa4de5792947d5a3aa61dcd1c874d3672784017b8f4b2c72f71c34c
                        • Opcode Fuzzy Hash: 3ef763bd77a89c14e9ef14da431a542ecfa9ee53dca0875bc5fd58ba0035de2e
                        • Instruction Fuzzy Hash: 7A3193B1644301A7CA00FA61DC83F5B73A85F54759F100A3FB955B61D6FA6CEA0C862F
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID: >>>AUTOIT SCRIPT<<<$\
                        • API String ID: 0-1896584978
                        • Opcode ID: 044f2c4ecf877d2b2fc48157703a0e30c53185d3f7c6c17f150f9ffb4993ef22
                        • Instruction ID: e6fbcda15cb9520e0e34bfac0f9750edaedb1b44b840e2dcfb1a2c219c195b9a
                        • Opcode Fuzzy Hash: 044f2c4ecf877d2b2fc48157703a0e30c53185d3f7c6c17f150f9ffb4993ef22
                        • Instruction Fuzzy Hash: 907186B2504300ABC720EB65C885FEBB3E8AF94714F148D1FF58997142E679E648C75A
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: InitVariant
                        • String ID:
                        • API String ID: 1927566239-0
                        • Opcode ID: 0ce8a0180f427c6633dd7a645a706da8f2470da33a28fd12fcc8bbcffff15558
                        • Instruction ID: b17386a2766a1a739d91313a8bf0106a5dd250ff49ec0cac6ee5761d63536315
                        • Opcode Fuzzy Hash: 0ce8a0180f427c6633dd7a645a706da8f2470da33a28fd12fcc8bbcffff15558
                        • Instruction Fuzzy Hash: 87A1F5766146019FC300EF65D88499FB7AAFF85315F408D3EFA49C3211D77AD4098BAA
                        APIs
                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                        • GetForegroundWindow.USER32(?,?), ref: 0046D7C1
                        • GetForegroundWindow.USER32 ref: 0046DBA4
                        • IsWindow.USER32(?), ref: 0046DBDE
                        • GetDesktopWindow.USER32 ref: 0046DCB5
                        • EnumChildWindows.USER32(00000000), ref: 0046DCBC
                        • EnumWindows.USER32(00460772,?), ref: 0046DCC4
                          • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$EnumForegroundWindows_wcslen$ChildDesktop
                        • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                        • API String ID: 1322021666-1919597938
                        • Opcode ID: f0ae0bd5c84c8fbd9fa80e8b17a650ade3f6139d63811c55da114ce2128ba9af
                        • Instruction ID: 252cd24da08a8cddfda52e39780f3f39bafd894638fb43d2866a45805a666b3e
                        • Opcode Fuzzy Hash: f0ae0bd5c84c8fbd9fa80e8b17a650ade3f6139d63811c55da114ce2128ba9af
                        • Instruction Fuzzy Hash: 96F1C571D143409BCB00EF61C881EAB73A4BF95308F44496FF9456B286E77DE909CB6A
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __wcsicoll$IconLoad
                        • String ID: blank$info$question$stop$warning
                        • API String ID: 2485277191-404129466
                        • Opcode ID: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
                        • Instruction ID: 3fdcc892c2a25cebf9aff257507665a297d4e16c4260cb8f6e9492a672fb13e0
                        • Opcode Fuzzy Hash: 5bed60ec3368b378429e4d7d86c3e9ed6cb6a0c6f582f3c961ebbe10ae210b10
                        • Instruction Fuzzy Hash: CB2128B6B08301A7D610A725BC05FDF27489FA8365F004C2BF941E2283F3A8A45583BD
                        APIs
                        • CompareStringW.KERNEL32(?,?,004832AC,00000001,004832AC,00000001), ref: 00428611
                        • GetLastError.KERNEL32(?,?,004832AC,00000001,004832AC,00000001), ref: 00428627
                        • strncnt.LIBCMT ref: 00428646
                        • strncnt.LIBCMT ref: 0042865A
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: strncnt$CompareErrorLastString
                        • String ID:
                        • API String ID: 1776594460-0
                        • Opcode ID: 409d39d31d49c90a4132468ed3074cd5345a98ee66abf4e21a74ff80ab18450e
                        • Instruction ID: 056e5a993d73ec50dc3c8e072878bb631c9b69e1f80941a2a69bbd8adeb14d7f
                        • Opcode Fuzzy Hash: 409d39d31d49c90a4132468ed3074cd5345a98ee66abf4e21a74ff80ab18450e
                        • Instruction Fuzzy Hash: 0DA1B131B01225AFDF219F61EC41AAF7BB6AF94340FA4402FF81196251DF3D8891CB58
                        APIs
                        • LoadIconW.USER32(?,00000063), ref: 004545DA
                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 004545EC
                        • SetWindowTextW.USER32(?,?), ref: 00454606
                        • GetDlgItem.USER32(?,000003EA), ref: 0045461F
                        • SetWindowTextW.USER32(00000000,?), ref: 00454626
                        • GetDlgItem.USER32(?,000003E9), ref: 00454637
                        • SetWindowTextW.USER32(00000000,?), ref: 0045463E
                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00454663
                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,?,00000000), ref: 0045467D
                        • GetWindowRect.USER32(?,?), ref: 00454688
                        • SetWindowTextW.USER32(?,?), ref: 004546FD
                        • GetDesktopWindow.USER32 ref: 00454708
                        • GetWindowRect.USER32(00000000), ref: 0045470F
                        • MoveWindow.USER32(?,?,00000000,?,?,00000000), ref: 00454760
                        • GetClientRect.USER32(?,?), ref: 0045476F
                        • PostMessageW.USER32(?,00000005,00000000,?), ref: 0045479E
                        • SetTimer.USER32(?,0000040A,?,00000000), ref: 004547E9
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                        • String ID:
                        • API String ID: 3869813825-0
                        • Opcode ID: d6d25c813e590b752cbfd9858452ff05e3d443d6a6ce6916d89e520ab15b373f
                        • Instruction ID: 4e77de65cc6986e78e6be143d0a4b9e7f39e78804b6f4fc71fe9e35dfcfd5046
                        • Opcode Fuzzy Hash: d6d25c813e590b752cbfd9858452ff05e3d443d6a6ce6916d89e520ab15b373f
                        • Instruction Fuzzy Hash: 8C616D71604701AFD320DF68CD88F2BB7E8AB88709F004E1DF98697691D7B8E849CB55
                        APIs
                        • LoadCursorW.USER32(00000000,00007F8A), ref: 00458D2D
                        • LoadCursorW.USER32(00000000,00007F00), ref: 00458D3A
                        • LoadCursorW.USER32(00000000,00007F03), ref: 00458D47
                        • LoadCursorW.USER32(00000000,00007F8B), ref: 00458D54
                        • LoadCursorW.USER32(00000000,00007F01), ref: 00458D61
                        • LoadCursorW.USER32(00000000,00007F81), ref: 00458D6E
                        • LoadCursorW.USER32(00000000,00007F88), ref: 00458D7B
                        • LoadCursorW.USER32(00000000,00007F80), ref: 00458D88
                        • LoadCursorW.USER32(00000000,00007F86), ref: 00458D95
                        • LoadCursorW.USER32(00000000,00007F83), ref: 00458DA2
                        • LoadCursorW.USER32(00000000,00007F85), ref: 00458DAF
                        • LoadCursorW.USER32(00000000,00007F82), ref: 00458DBC
                        • LoadCursorW.USER32(00000000,00007F84), ref: 00458DC9
                        • LoadCursorW.USER32(00000000,00007F04), ref: 00458DD6
                        • LoadCursorW.USER32(00000000,00007F02), ref: 00458DE3
                        • LoadCursorW.USER32(00000000,00007F89), ref: 00458DF0
                        • GetCursorInfo.USER32 ref: 00458E03
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Cursor$Load$Info
                        • String ID:
                        • API String ID: 2577412497-0
                        • Opcode ID: 0c78b259ae472df09145ddf792cd37f85d2c816b82f1d484569203a38ef646a1
                        • Instruction ID: 36b4ee280ed0253346847529aeb00c95e660e1b7f2a6688567eec4957a26740b
                        • Opcode Fuzzy Hash: 0c78b259ae472df09145ddf792cd37f85d2c816b82f1d484569203a38ef646a1
                        • Instruction Fuzzy Hash: D9311671E4C3156AE7509F758C5AB1BBEE0AF40B54F004D2FF2889F2D1DAB9E4448B86
                        APIs
                        • PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 004696CC
                        • GetFocus.USER32 ref: 004696E0
                        • GetDlgCtrlID.USER32(00000000), ref: 004696EB
                        • PostMessageW.USER32(?,00000111,?,00000000), ref: 0046973F
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessagePost$CtrlFocus
                        • String ID: 0
                        • API String ID: 1534620443-4108050209
                        • Opcode ID: 3dab727c688772619e9efc5d23afb6fcae73775eddc560d175f3e695e52b8611
                        • Instruction ID: 7d80af5808d25915b866e76daf530f36ef8b085de22dc1c7fc8dbb607ae8adb7
                        • Opcode Fuzzy Hash: 3dab727c688772619e9efc5d23afb6fcae73775eddc560d175f3e695e52b8611
                        • Instruction Fuzzy Hash: 1591E1B1604301ABD710DF14D884BABB7A8FB89714F004A1EF99497391E7B4DC49CBAB
                        APIs
                        • _memset.LIBCMT ref: 00468107
                        • GetMenuItemInfoW.USER32(?,00000007,00000000,?), ref: 00468190
                        • GetMenuItemCount.USER32(?), ref: 00468227
                        • DeleteMenu.USER32(?,00000005,00000000), ref: 004682B8
                        • DeleteMenu.USER32(?,00000004,00000000), ref: 004682C1
                        • DeleteMenu.USER32(?,00000006,00000000,?,00000004,00000000), ref: 004682CA
                        • DeleteMenu.USER32(00000000,00000003,00000000,?,00000006,00000000,?,00000004,00000000), ref: 004682D3
                        • GetMenuItemCount.USER32 ref: 004682DC
                        • SetMenuItemInfoW.USER32 ref: 00468317
                        • GetCursorPos.USER32(00000000), ref: 00468322
                        • SetForegroundWindow.USER32(?), ref: 0046832D
                        • TrackPopupMenuEx.USER32(?,00000000,00000000,00000006,?,00000000,?,?,00000006,00000000,?,00000004,00000000), ref: 00468345
                        • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468352
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                        • String ID: 0
                        • API String ID: 3993528054-4108050209
                        • Opcode ID: d5573be1ba1a613c106f8e764602a2d45d8b266f51cd1eb04f60dea375430468
                        • Instruction ID: a450cccb4b36e122d1eca3afa35c85d1e57e2007e4dd5bc50ce81cada7f4397f
                        • Opcode Fuzzy Hash: d5573be1ba1a613c106f8e764602a2d45d8b266f51cd1eb04f60dea375430468
                        • Instruction Fuzzy Hash: 3C71C070648301ABE3309B14CC49F5BB7E8BF86724F244B0EF5A5563D1DBB9A8458B1B
                        APIs
                        • DragQueryPoint.SHELL32(?,?), ref: 0046F2DA
                          • Part of subcall function 00441CB4: ClientToScreen.USER32(00000000,?), ref: 00441CDE
                          • Part of subcall function 00441CB4: GetWindowRect.USER32(?,?), ref: 00441D5A
                          • Part of subcall function 00441CB4: PtInRect.USER32(?,?,?), ref: 00441D6F
                        • SendMessageW.USER32(?), ref: 0046F34C
                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 0046F355
                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 0046F37F
                        • _wcscat.LIBCMT ref: 0046F3BC
                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0046F3D1
                        • SendMessageW.USER32(?,000000B0,?,?), ref: 0046F3E3
                        • SendMessageW.USER32(?,000000B1,?,?), ref: 0046F3F1
                        • SendMessageW.USER32(?,000000B1,?,?), ref: 0046F40E
                        • DragFinish.SHELL32(?), ref: 0046F414
                        • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 0046F4FC
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$Drag$Query$FileRect$ClientFinishPointProcScreenWindow_wcscat
                        • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                        • API String ID: 4085615965-3440237614
                        • Opcode ID: e6dc8860684545ee98a9b737372e313d8034606243f87d3f07a4344f64e9a130
                        • Instruction ID: d92027b63b9478c52a8b17f069484fb886a707b260a555cedefccfc898d4b85d
                        • Opcode Fuzzy Hash: e6dc8860684545ee98a9b737372e313d8034606243f87d3f07a4344f64e9a130
                        • Instruction Fuzzy Hash: 596170716043009BD700EF54D885E5FB7A8FFC9714F104A2EF99097291D7B8A949CBAA
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __wcsicoll
                        • String ID: LEFT$MAIN$MENU$MIDDLE$PRIMARY$RIGHT$SECONDARY
                        • API String ID: 3832890014-4202584635
                        • Opcode ID: 3f0b73fdde0a53fb0a00575eab05b85141dd4a2dcfcc4ab19f269ee93bd0b8a8
                        • Instruction ID: bf73cd225697d97a5a257e466bf5c8c79b4efa22739c650e03c6b1f9c6e9338c
                        • Opcode Fuzzy Hash: 3f0b73fdde0a53fb0a00575eab05b85141dd4a2dcfcc4ab19f269ee93bd0b8a8
                        • Instruction Fuzzy Hash: 1D01616160562122FE11322A7C03BDF15898F5139AF14447BFC05F1282FF4DDA8692EE
                        APIs
                        • _memset.LIBCMT ref: 004669C4
                        • _wcsncpy.LIBCMT ref: 00466A21
                        • _wcsncpy.LIBCMT ref: 00466A4D
                          • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                          • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                        • _wcstok.LIBCMT ref: 00466A90
                          • Part of subcall function 004142A3: __getptd.LIBCMT ref: 004142A9
                        • _wcstok.LIBCMT ref: 00466B3F
                        • _wcscpy.LIBCMT ref: 00466BC8
                        • GetOpenFileNameW.COMDLG32(00000058), ref: 00466CFE
                        • _wcslen.LIBCMT ref: 00466D1D
                        • _memset.LIBCMT ref: 00466BEE
                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                        • _wcslen.LIBCMT ref: 00466D4B
                        • GetSaveFileNameW.COMDLG32(00000058), ref: 00466D9E
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _wcslen$FileName_memset_wcscpy_wcsncpy_wcstok$OpenSave__getptd
                        • String ID: X$HH
                        • API String ID: 3021350936-1944015008
                        • Opcode ID: b06cb37d3db4ad53d3a41f94d3d7a052046d00add24c9c6de48b5fd017d77e84
                        • Instruction ID: 73e83d7ea4d12cbe09e247b0b8120e99e9ae8af51722f6ce2f45a1bbad6557a4
                        • Opcode Fuzzy Hash: b06cb37d3db4ad53d3a41f94d3d7a052046d00add24c9c6de48b5fd017d77e84
                        • Instruction Fuzzy Hash: D1C1B2715043408BC714EF65C981A9FB3E4BF84304F15892FF949AB292EB78E905CB9B
                        APIs
                        • _memset.LIBCMT ref: 0045F4AE
                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0045F519
                        • SetMenuItemInfoW.USER32(00000008,00000004,00000000,?), ref: 0045F556
                        • Sleep.KERNEL32(000001F4,?,?,00000000,?), ref: 0045F568
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: InfoItemMenu$Sleep_memset
                        • String ID: 0
                        • API String ID: 1504565804-4108050209
                        • Opcode ID: b2eb264578549714347dca4c6cc1c63db220fd8d89572d1a81e0d1d82c6caf25
                        • Instruction ID: 9e8996cb251b45e9fd8013479734a73363ce4640cf951279a7d2fdadd0934edb
                        • Opcode Fuzzy Hash: b2eb264578549714347dca4c6cc1c63db220fd8d89572d1a81e0d1d82c6caf25
                        • Instruction Fuzzy Hash: E171E3711043406BD3109F54DD48FABBBE8EBD5306F04086FFD8587252D6B9A94EC76A
                        APIs
                        • DestroyWindow.USER32(?,004A83D8,?), ref: 00455800
                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 00455847
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$CreateDestroy
                        • String ID: ,$tooltips_class32
                        • API String ID: 1109047481-3856767331
                        • Opcode ID: 0ca5ab61cf6a2cad142a114e1c8ac043728d1bef212d4075191e352a737c6d07
                        • Instruction ID: af4df8b80438f92fd5356fe82daba85812243c44dff517d7eb602cf52e2cfce3
                        • Opcode Fuzzy Hash: 0ca5ab61cf6a2cad142a114e1c8ac043728d1bef212d4075191e352a737c6d07
                        • Instruction Fuzzy Hash: BF719075244704AFE320DB28CC85F7B77E4EB89700F50491EFA8197391E6B5E905CB59
                        APIs
                        • _wcsncpy.LIBCMT ref: 0045CCFA
                        • __wsplitpath.LIBCMT ref: 0045CD3C
                        • _wcscat.LIBCMT ref: 0045CD51
                        • _wcscat.LIBCMT ref: 0045CD63
                        • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,00000104,?), ref: 0045CD78
                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,00000104,?), ref: 0045CD8C
                          • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
                        • GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDD0
                        • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDE6
                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CDF8
                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0045CE08
                        • _wcscpy.LIBCMT ref: 0045CE14
                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CE5A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CurrentDirectory$AttributesFile$_wcscat$__wsplitpath_wcscpy_wcsncpy
                        • String ID: *.*
                        • API String ID: 1153243558-438819550
                        • Opcode ID: 5bfa431d4ef7075d2dc920e4199facb1e2714bc7465ef22df03346902ac9b5e5
                        • Instruction ID: 4b7f18f3392d5c51d0b0bcfc25b88d1348604f1c1aa494fd035d881d108a9fe9
                        • Opcode Fuzzy Hash: 5bfa431d4ef7075d2dc920e4199facb1e2714bc7465ef22df03346902ac9b5e5
                        • Instruction Fuzzy Hash: 0561E5B61043419FD731EF54C885AEBB7E4EB84305F44882FED8983242D67D998E879E
                        APIs
                        • _memset.LIBCMT ref: 00455127
                        • GetMenuItemInfoW.USER32 ref: 00455146
                        • DeleteMenu.USER32(?,?,00000000), ref: 004551B2
                        • DeleteMenu.USER32(?,?,00000000), ref: 004551C8
                        • GetMenuItemCount.USER32(?), ref: 004551D9
                        • SetMenu.USER32(?,00000000), ref: 004551E7
                        • DestroyMenu.USER32(?,?,00000000), ref: 004551F4
                        • DrawMenuBar.USER32 ref: 00455207
                        • DeleteObject.GDI32(?), ref: 0045564E
                        • DeleteObject.GDI32(?), ref: 0045565C
                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Menu$Delete$Destroy$ItemObject$CountDrawIconInfoWindow_memset
                        • String ID: 0
                        • API String ID: 1663942905-4108050209
                        • Opcode ID: 9367fca2e423954c8e95e5664296e443175f4f0a3dc8af8de701f007cae6aaa4
                        • Instruction ID: b4bdd7d0bd4ee66815c45afb4cba49e6688c1fb7c5fb2b704b87d0eb3faa17d4
                        • Opcode Fuzzy Hash: 9367fca2e423954c8e95e5664296e443175f4f0a3dc8af8de701f007cae6aaa4
                        • Instruction Fuzzy Hash: F4413B70600A01AFD715DF24D9A8B6B77A8BF44302F40891DFD49CB292DB78EC44CBA9
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __get_daylight__invoke_watson$__gmtime64_s$__getptd_noexit
                        • String ID:
                        • API String ID: 1481289235-0
                        • Opcode ID: 0c2ddcf2cfad548662a25bd64df7f8cdb197bd458fe0989c9b03f034f06c5664
                        • Instruction ID: 11750150b5911b8a2d77b888e51b7102539fbc40f42687a9f62e69b5342e6946
                        • Opcode Fuzzy Hash: 0c2ddcf2cfad548662a25bd64df7f8cdb197bd458fe0989c9b03f034f06c5664
                        • Instruction Fuzzy Hash: 8461B372B00B15DBD724AB69DC81AEB73E99F84324F14452FF011D7682EB78DA808B58
                        APIs
                        • ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 0046FB61
                        • ExtractIconExW.SHELL32(?,000000FF,?,?,00000001), ref: 0046FB7A
                        • SendMessageW.USER32 ref: 0046FBAF
                        • SendMessageW.USER32 ref: 0046FBE2
                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,?,00000001), ref: 0046FC1B
                        • SendMessageW.USER32(?,00001003,00000001,00000000), ref: 0046FC3E
                        • ImageList_Create.COMCTL32(00000020,00000020,00000021,?,00000001), ref: 0046FC51
                        • SendMessageW.USER32(?,00001003,00000000,00000000), ref: 0046FC73
                        • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 0046FC97
                        • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 0046FCA5
                        • SendMessageW.USER32 ref: 0046FD00
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$IconImageList_$CreateExtractReplace
                        • String ID:
                        • API String ID: 2632138820-0
                        • Opcode ID: 84d296b218fe0245d687438722339ecf4745b7249032fe4bb2113eafbff2dc59
                        • Instruction ID: f8b2170a3f6480226351c2682443129a31dd3945ebd2779c8b18a40e734619f9
                        • Opcode Fuzzy Hash: 84d296b218fe0245d687438722339ecf4745b7249032fe4bb2113eafbff2dc59
                        • Instruction Fuzzy Hash: A461BF70208305AFD320DF14DC85F5BB7E4FB89B14F10492EFA85972D1E7B4A8498B66
                        APIs
                        • LoadCursorW.USER32(00000000,00007F89), ref: 00433BC7
                        • LoadCursorW.USER32(00000000,00007F8A), ref: 00433BDE
                        • LoadCursorW.USER32(00000000,00007F03), ref: 00433BF5
                        • LoadCursorW.USER32(00000000,00007F8B), ref: 00433C0C
                        • LoadCursorW.USER32(00000000,00007F01), ref: 00433C23
                        • LoadCursorW.USER32(00000000,00007F88), ref: 00433C3A
                        • LoadCursorW.USER32(00000000,00007F86), ref: 00433C51
                        • LoadCursorW.USER32(00000000,00007F83), ref: 00433C68
                        • LoadCursorW.USER32(00000000,00007F85), ref: 00433C7F
                        • LoadCursorW.USER32(00000000,00007F82), ref: 00433C96
                        • LoadCursorW.USER32(00000000,00007F84), ref: 00433CAD
                        • LoadCursorW.USER32(00000000,00007F04), ref: 00433CC4
                        • LoadCursorW.USER32(00000000,00007F02), ref: 00433CDB
                        • LoadCursorW.USER32(00000000,00000000), ref: 00433CEF
                        • LoadCursorW.USER32(00000000,00007F00), ref: 00433D06
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CursorLoad
                        • String ID:
                        • API String ID: 3238433803-0
                        • Opcode ID: a9ae3fa102d058121485b558102ae55493db0c8a3ed3723cc80ee02977cbc66e
                        • Instruction ID: acd63d7325575073817552101614e6badc0a76bef24473f745c9da0ba21645f6
                        • Opcode Fuzzy Hash: a9ae3fa102d058121485b558102ae55493db0c8a3ed3723cc80ee02977cbc66e
                        • Instruction Fuzzy Hash: 6D310E3058C302FFE7504F50EE0AB1C36A0BB48B47F008C7DF64AA62E0E6F055009B9A
                        APIs
                        • GetClassNameW.USER32(?,?,00000100), ref: 00460AF5
                        • _wcslen.LIBCMT ref: 00460B00
                        • __swprintf.LIBCMT ref: 00460B9E
                        • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00460C11
                        • GetClassNameW.USER32(?,?,00000400), ref: 00460C8E
                        • GetDlgCtrlID.USER32(?), ref: 00460CE6
                        • GetWindowRect.USER32(?,?), ref: 00460D21
                        • GetParent.USER32(?), ref: 00460D40
                        • ScreenToClient.USER32(00000000), ref: 00460D47
                        • GetClassNameW.USER32(?,?,00000100), ref: 00460DBE
                        • GetWindowTextW.USER32(?,?,00000400), ref: 00460DFB
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_wcslen
                        • String ID: %s%u
                        • API String ID: 1899580136-679674701
                        • Opcode ID: 263ba601bdfcacdbc09c0537f08939095875f2576dae1f9512caffb95b688f0a
                        • Instruction ID: ed0b46c26cbb3f928a943cd91895a09858176ee0e89b0f6962e21683ef9d2041
                        • Opcode Fuzzy Hash: 263ba601bdfcacdbc09c0537f08939095875f2576dae1f9512caffb95b688f0a
                        • Instruction Fuzzy Hash: 3AA1CD722043019BDB14DF54C884BEB73A8FF84714F04892EFD889B245E778E946CBA6
                        APIs
                        • CoTaskMemFree.OLE32(?), ref: 0047D6D3
                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                        • StringFromCLSID.OLE32(?,?), ref: 0047D6B5
                          • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                          • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                        • StringFromIID.OLE32(?,?), ref: 0047D7F0
                        • CoTaskMemFree.OLE32(?), ref: 0047D80A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: FreeFromStringTask_wcslen$_wcscpy
                        • String ID: 0vH$CLSID\$Interface\$ProgID$ToolBoxBitmap32$inprocserver32$localserver32$HH
                        • API String ID: 2485709727-934586222
                        • Opcode ID: 94ff36e8c5adf47d5d15ad8c3baf2c81511e2686fb9cf3bb874d512fd4cd8d9e
                        • Instruction ID: 9b1d76abf7044590dd80f2c514dab21f357569e7696d0ed80310904c07b122bf
                        • Opcode Fuzzy Hash: 94ff36e8c5adf47d5d15ad8c3baf2c81511e2686fb9cf3bb874d512fd4cd8d9e
                        • Instruction Fuzzy Hash: 63714BB5614201AFC304EF25C981D5BB3F8BF88704F108A2EF5599B351DB78E905CB6A
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _wcscpy$Folder_memset$BrowseDesktopFromInitializeListMallocPathUninitialize
                        • String ID: HH
                        • API String ID: 3381189665-2761332787
                        • Opcode ID: cbd34bb05af2b60d6becc686f20e38c9c02ad4ea561bbadf99ecd2e28994155d
                        • Instruction ID: 9856a5a3be2a6f4b6f15ab218c20ab076772672eb14c4daba281b2e598c2a196
                        • Opcode Fuzzy Hash: cbd34bb05af2b60d6becc686f20e38c9c02ad4ea561bbadf99ecd2e28994155d
                        • Instruction Fuzzy Hash: E1619AB59043009FC320EF65C88499BB7E9BFC8704F048E1EF98987252D775E849CB6A
                        APIs
                        • GetDC.USER32(00000000), ref: 00434585
                        • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00434590
                        • CreateCompatibleDC.GDI32(00000000), ref: 0043459B
                        • SelectObject.GDI32(00000000,?), ref: 004345A9
                        • StretchBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,?,?,?,00CC0020), ref: 00434618
                        • GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00434665
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
                        • String ID: (
                        • API String ID: 3300687185-3887548279
                        • Opcode ID: f1a61bd92dc1e5bf4a907c179000b9c6a14a2e3466c3eeb116f883cf8bb2fa69
                        • Instruction ID: a007e7ec8c3f390601fcb6226b5fc218b62818acb39bbc9fe8cd9ddeb27b86ed
                        • Opcode Fuzzy Hash: f1a61bd92dc1e5bf4a907c179000b9c6a14a2e3466c3eeb116f883cf8bb2fa69
                        • Instruction Fuzzy Hash: E4514871508345AFD310CF69C884B6BBBE9EF8A310F14881DFA9687390D7B5E844CB66
                        APIs
                        • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E463
                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                        • LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E480
                        • __swprintf.LIBCMT ref: 0045E4D9
                        • _printf.LIBCMT ref: 0045E595
                        • _printf.LIBCMT ref: 0045E5B7
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: LoadString_printf$__swprintf_wcslen
                        • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR $HH
                        • API String ID: 3590180749-2894483878
                        • Opcode ID: ef66654f81976a0e6a78d75721240b4b5dad2d0c7f05b7bb9659983eace5fa73
                        • Instruction ID: 42a5c2f6345f2e10047da6565a111f96cfad8617a22bea28fc44504b1d19b7ce
                        • Opcode Fuzzy Hash: ef66654f81976a0e6a78d75721240b4b5dad2d0c7f05b7bb9659983eace5fa73
                        • Instruction Fuzzy Hash: 9F51A171518345ABD324EF91CC41DAF77A8AF84754F04093FF94463292EB78EE488B6A
                        APIs
                        • GetWindowLongW.USER32(?,000000F0), ref: 0046F911
                        • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002010), ref: 0046F929
                        • SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 0046F942
                        • DeleteObject.GDI32(?), ref: 0046F950
                        • DestroyIcon.USER32(?,?,000000F7,00000000,00000000,?,00000000,00000000,00000000,00002010,?,000000F0), ref: 0046F95E
                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00002010), ref: 0046F9A8
                        • SendMessageW.USER32(?,000000F7,00000001,00000000), ref: 0046F9C1
                        • DeleteObject.GDI32(?), ref: 0046F9CF
                        • DestroyIcon.USER32(?,?,000000F7,00000001,00000000,?,00000001,00000000,00000000,00002010), ref: 0046F9DD
                        • ExtractIconExW.SHELL32(?,?,?,000000FF,00000001), ref: 0046FA1D
                        • DestroyIcon.USER32(?), ref: 0046FA4F
                        • SendMessageW.USER32(?,000000F7,00000001,?), ref: 0046FA5A
                        • DeleteObject.GDI32(?), ref: 0046FA68
                        • DestroyIcon.USER32(?,?,000000F7,00000001,?), ref: 0046FA76
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Icon$Destroy$DeleteMessageObjectSend$ImageLoad$ExtractLongWindow
                        • String ID:
                        • API String ID: 3412594756-0
                        • Opcode ID: f692dd120a8e9e8c350368ee646f6d7ebba10fee5470a76da8eaf9bc85602db5
                        • Instruction ID: 2b127e2e725f503062080ad48664a75956f0b49bd2ac624c91da1236fc619d99
                        • Opcode Fuzzy Hash: f692dd120a8e9e8c350368ee646f6d7ebba10fee5470a76da8eaf9bc85602db5
                        • Instruction Fuzzy Hash: BD41B575344301ABE7209B65ED45B6B7398EB44711F00083EFA85A7381DBB9E809C76A
                        APIs
                          • Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
                          • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
                        • GetDriveTypeW.KERNEL32 ref: 0045DA30
                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DA76
                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DAAB
                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DADF
                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: SendString$_wcslen$BuffCharDriveLowerType
                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                        • API String ID: 4013263488-4113822522
                        • Opcode ID: b9e44105478404289108567262d296c88e7101013f7783f6c7bd148379995db0
                        • Instruction ID: 78e8968fe3d68f28a61334a0544e46eb3ade7c09d07056eb4a028b8014bab4f9
                        • Opcode Fuzzy Hash: b9e44105478404289108567262d296c88e7101013f7783f6c7bd148379995db0
                        • Instruction Fuzzy Hash: 86516E71604300ABD710EF55CC85F5EB3E4AF88714F14496EF985AB2D2D7B8E908CB5A
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _wcslen$_wcsncpy$LocalTime__wcstoi64
                        • String ID:
                        • API String ID: 228034949-0
                        • Opcode ID: d55b35800c2a6f74fd0df3de6656c0821778ac1c15f087543c4dc83ec7dd6154
                        • Instruction ID: c9113392db11e6d0b84b7dcaf0f9983ae7bcdcfbf3325debe08446cd55f13bc3
                        • Opcode Fuzzy Hash: d55b35800c2a6f74fd0df3de6656c0821778ac1c15f087543c4dc83ec7dd6154
                        • Instruction Fuzzy Hash: 874194B181435066DA10FF6AC8479DFB3A8EF89314F84495FF945D3162E378E64883AA
                        APIs
                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,?,?,?,?,?,?,?,0046FAD5), ref: 004334F4
                        • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043350F
                        • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043351A
                        • GlobalLock.KERNEL32(00000000), ref: 00433523
                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 00433533
                        • GlobalUnlock.KERNEL32(00000000), ref: 0043353A
                        • CloseHandle.KERNEL32(00000000,?,?,?,?,0046FAD5,?,?,?,?), ref: 00433541
                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,0046FAD5,?,?,?,?), ref: 0043354F
                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,00482A20,?), ref: 00433568
                        • GlobalFree.KERNEL32(00000000), ref: 0043357B
                        • GetObjectW.GDI32(?,00000018,?), ref: 004335A6
                        • CopyImage.USER32(?,00000000,?,?,00002000), ref: 004335DB
                        • DeleteObject.GDI32(?), ref: 00433603
                        • SendMessageW.USER32(?,00000172,00000000,?), ref: 0043361B
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
                        • String ID:
                        • API String ID: 3969911579-0
                        • Opcode ID: c8af0a6d34b3156cf5dea3d494721158f709963105dd3e2632bd1b1f7de041f4
                        • Instruction ID: 5aed18668fdc988692497ed4484016cc97142e8c7c748bcd34b77a3330007e11
                        • Opcode Fuzzy Hash: c8af0a6d34b3156cf5dea3d494721158f709963105dd3e2632bd1b1f7de041f4
                        • Instruction Fuzzy Hash: 70410471204210AFD710DF64DC88F6BBBE8FB89711F10492DFA45972A0D7B5A941CBAA
                        APIs
                        • GetParent.USER32 ref: 00445A8D
                        • GetClassNameW.USER32(00000000,?,00000100), ref: 00445AA0
                        • __wcsicoll.LIBCMT ref: 00445AC4
                        • __wcsicoll.LIBCMT ref: 00445AE0
                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445B3D
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __wcsicoll$ClassMessageNameParentSend
                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                        • API String ID: 3125838495-3381328864
                        • Opcode ID: 6f6f70247b4827d2a410ddc22f410c306ecb8b2e46d0c95c17204de523c723c4
                        • Instruction ID: 9ea7b4bfd8e333fc3d4c3d1cc69785ca983c3453aa66f955cff8de8c622a02b1
                        • Opcode Fuzzy Hash: 6f6f70247b4827d2a410ddc22f410c306ecb8b2e46d0c95c17204de523c723c4
                        • Instruction Fuzzy Hash: F011E9B1B40301BBFF10B6659C46EAF739CDF94759F00081BFD44E6182F6ACA9458769
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CopyVariant$ErrorLast
                        • String ID: Conversion of parameters failed$NULL Pointer assignment$Not an Object type
                        • API String ID: 2286883814-4206948668
                        • Opcode ID: 2f6e4bc4aaf8f7a3794965dba448b56a5b6575b3b05f264a778baa01eb75d6f6
                        • Instruction ID: 5c76bcf0434180a49ef26f8382d3619d889c8a8ee3f63882ad125ac36acecb62
                        • Opcode Fuzzy Hash: 2f6e4bc4aaf8f7a3794965dba448b56a5b6575b3b05f264a778baa01eb75d6f6
                        • Instruction Fuzzy Hash: 4EA1F0B1644300ABD620EB25CC81EABB3E9FBC4704F10891EF65987251D779E945CBAA
                        APIs
                          • Part of subcall function 0045335B: CharLowerBuffW.USER32(?,?,?,0045D9DB,?,?,?), ref: 0045336E
                          • Part of subcall function 00445975: _wcslen.LIBCMT ref: 00445984
                        • GetDriveTypeW.KERNEL32(?,?,00000061), ref: 00475EEC
                        • _wcscpy.LIBCMT ref: 00475F18
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: BuffCharDriveLowerType_wcscpy_wcslen
                        • String ID: a$all$cdrom$fixed$network$ramdisk$removable$unknown$HH
                        • API String ID: 3052893215-4176887700
                        • Opcode ID: 531685fb0cf90d6ae2ec3f9560420c3d557b818d2d0e5f32259ad5e7ccb69ffd
                        • Instruction ID: 30c0e749cffa51fc832ec364bb88d57898ea161693411a08ebb212f54f1b1ce2
                        • Opcode Fuzzy Hash: 531685fb0cf90d6ae2ec3f9560420c3d557b818d2d0e5f32259ad5e7ccb69ffd
                        • Instruction Fuzzy Hash: E951E5716047009BC710EF51D981B9BB3D4AB85705F108C2FF948AB382D7B9DE09879B
                        APIs
                        • StringFromIID.OLE32(?,?,00000003,?,?,00000000), ref: 004582E5
                          • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                          • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                        • CoTaskMemFree.OLE32(?,00000000), ref: 00458335
                        • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,?), ref: 00458351
                        • RegQueryValueExW.ADVAPI32 ref: 00458381
                        • CLSIDFromString.OLE32(00000000,?), ref: 004583AF
                        • RegQueryValueExW.ADVAPI32 ref: 004583E8
                        • LoadRegTypeLib.OLEAUT32(?,?), ref: 00458486
                          • Part of subcall function 00413F97: __wtof_l.LIBCMT ref: 00413FA1
                        • RegCloseKey.ADVAPI32(?), ref: 004584BA
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: FromQueryStringValue_wcslen$CloseFreeLoadOpenTaskType__wtof_l_wcscpy
                        • String ID: Version$\TypeLib$interface\
                        • API String ID: 656856066-939221531
                        • Opcode ID: fae0be2ce993580ee9701cb6b1f6a998fde8705fa16d3e1feab2af977247b743
                        • Instruction ID: 73379605cfaaf105ee685c6daddaf2c4824f5dc828714578f474d0d05c7db838
                        • Opcode Fuzzy Hash: fae0be2ce993580ee9701cb6b1f6a998fde8705fa16d3e1feab2af977247b743
                        • Instruction Fuzzy Hash: 19513B715083059BD310EF55D944A6FB3E8FFC8B08F004A2DF985A7251EA78DD09CB9A
                        APIs
                        • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E676
                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                        • LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E69A
                        • __swprintf.LIBCMT ref: 0045E6EE
                        • _printf.LIBCMT ref: 0045E7A9
                        • _printf.LIBCMT ref: 0045E7D2
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: LoadString_printf$__swprintf_wcslen
                        • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                        • API String ID: 3590180749-2354261254
                        • Opcode ID: fd3ade05fede2dfa3d14bccfacac15f81e3d16141c85e45952f832d3a26197ce
                        • Instruction ID: 835382aeb01427732dc6b750cf2ba574ed77461063debdd42288bdc21f9728b4
                        • Opcode Fuzzy Hash: fd3ade05fede2dfa3d14bccfacac15f81e3d16141c85e45952f832d3a26197ce
                        • Instruction Fuzzy Hash: B051D5715143019BD324FB51CC41EAF77A8AF84354F14093FF94563292DB78AE49CB6A
                        APIs
                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                        • _memset.LIBCMT ref: 00458194
                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 004581D6
                        • RegConnectRegistryW.ADVAPI32(?,80000002,00000000), ref: 004581F4
                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,00000000), ref: 00458219
                        • RegQueryValueExW.ADVAPI32(00000000,00000000,00000000,00000000,?,?), ref: 00458248
                        • CLSIDFromString.OLE32(00000000,?), ref: 00458279
                        • RegCloseKey.ADVAPI32(00000000), ref: 0045828F
                        • RegCloseKey.ADVAPI32(00000000), ref: 00458296
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memset_wcslen
                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                        • API String ID: 2255324689-22481851
                        • Opcode ID: 40f125b4ffe5f12493adc0cb93ab67eb911e8c28f62e3d79c4190a4fe5521cad
                        • Instruction ID: 0916ae95de1959dc40878de41837780f7e862baf069d4d5c3429810960799c2e
                        • Opcode Fuzzy Hash: 40f125b4ffe5f12493adc0cb93ab67eb911e8c28f62e3d79c4190a4fe5521cad
                        • Instruction Fuzzy Hash: 4A4190725083019BD320EF54C845B5FB7E8AF84714F044D2EFA8577291DBB8E949CB9A
                        APIs
                        • RegOpenKeyExW.ADVAPI32(80000000,interface,00000000,00020019,?), ref: 00458513
                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00458538
                        • RegCloseKey.ADVAPI32(?), ref: 00458615
                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                        • RegOpenKeyExW.ADVAPI32(80000000,?,00000000,00020019,000001FE,interface\), ref: 0045858A
                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,00000028), ref: 004585A8
                        • __wcsicoll.LIBCMT ref: 004585D6
                        • IIDFromString.OLE32(?,?,?,?), ref: 004585EB
                        • RegCloseKey.ADVAPI32(?), ref: 004585F8
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CloseOpen$EnumFromQueryStringValue__wcsicoll_wcslen
                        • String ID: ($interface$interface\
                        • API String ID: 2231185022-3327702407
                        • Opcode ID: f3ba987632fb2ab980929a1e8c26c1d4f1068388d2a95cb25d4e52b6d927b3fe
                        • Instruction ID: 2ed788c9a442d2de66cb2a0eaf665167c450c6ff9570aaff4df7cfaf3afbbce1
                        • Opcode Fuzzy Hash: f3ba987632fb2ab980929a1e8c26c1d4f1068388d2a95cb25d4e52b6d927b3fe
                        • Instruction Fuzzy Hash: CE317271204305ABE710DF54DD85F6BB3E8FB84744F10492DF685A6191EAB8E908C76A
                        APIs
                        • WSAStartup.WSOCK32(00000101,?), ref: 004365A5
                        • gethostname.WSOCK32(00000100,00000100,00000101,?), ref: 004365BC
                        • gethostbyname.WSOCK32(00000101,00000100,00000100,00000101,?), ref: 004365C6
                        • _wcscpy.LIBCMT ref: 004365F5
                        • WSACleanup.WSOCK32 ref: 004365FD
                        • inet_ntoa.WSOCK32(00000100,?), ref: 00436624
                        • _strcat.LIBCMT ref: 0043662F
                        • _wcscpy.LIBCMT ref: 00436644
                        • WSACleanup.WSOCK32(?,?,?,?,?,?,00000100,?), ref: 00436652
                        • _wcscpy.LIBCMT ref: 00436666
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _wcscpy$Cleanup$Startup_strcatgethostbynamegethostnameinet_ntoa
                        • String ID: 0.0.0.0
                        • API String ID: 2691793716-3771769585
                        • Opcode ID: 72edaa20f59d4c855ae2a4057bf2e912041bb0bcae33cfe0ba1e7234a9852c49
                        • Instruction ID: 29d249c793a1599df1911ffab6ed89036a29d54f41df1114d8fa63e2d2305339
                        • Opcode Fuzzy Hash: 72edaa20f59d4c855ae2a4057bf2e912041bb0bcae33cfe0ba1e7234a9852c49
                        • Instruction Fuzzy Hash: 5C21D4726003016BD620FB269C42FFF33A89FD4318F54492FF64456242EABDD58983AB
                        APIs
                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,0048C968,0000000C,00416C4D,00000000,00000000,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416B24
                        • __crt_waiting_on_module_handle.LIBCMT ref: 00416B2F
                          • Part of subcall function 0041177F: Sleep.KERNEL32(000003E8,?,?,00416A38,KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 0041178B
                          • Part of subcall function 0041177F: GetModuleHandleW.KERNEL32(00411739,?,?,00416A38,KERNEL32.DLL,?,00411B0C,?,00413973,00411739,?,?,00411739,?,00401C0B), ref: 00411794
                        • GetProcAddress.KERNEL32(00000000,EncodePointer), ref: 00416B58
                        • GetProcAddress.KERNEL32(00411739,DecodePointer), ref: 00416B68
                        • __lock.LIBCMT ref: 00416B8A
                        • InterlockedIncrement.KERNEL32(00EA60FF), ref: 00416B97
                        • __lock.LIBCMT ref: 00416BAB
                        • ___addlocaleref.LIBCMT ref: 00416BC9
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: AddressHandleModuleProc__lock$IncrementInterlockedSleep___addlocaleref__crt_waiting_on_module_handle
                        • String ID: DecodePointer$EncodePointer$KERNEL32.DLL
                        • API String ID: 1028249917-2843748187
                        • Opcode ID: 149215eb9963fdce733e6eee9b7d54027110d9b9ecd285c2a82fe369659baa59
                        • Instruction ID: dfb830706c011728ae11a8c0f52cb2fa371409e71f4acd403326aacb15a29bdd
                        • Opcode Fuzzy Hash: 149215eb9963fdce733e6eee9b7d54027110d9b9ecd285c2a82fe369659baa59
                        • Instruction Fuzzy Hash: 4E119671944701AFD720EF76C905B9EBBE0AF00714F10495FE469A6391DB78A580CB1D
                        APIs
                        • SendMessageW.USER32(?,00000000,000000FF,?), ref: 0044931D
                        • SendMessageW.USER32(?,0045BBB0,00000000,00000000), ref: 0044932D
                        • CharNextW.USER32(?,?,?,?,0045BBB0,00000000,00000000,?,?), ref: 00449361
                        • SendMessageW.USER32(?,?,00000000,00000000), ref: 00449375
                        • SendMessageW.USER32(?,00000402,?), ref: 0044941C
                        • SendMessageW.USER32(004A83D8,000000C2,00000001,?), ref: 004494A0
                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449515
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$CharNext
                        • String ID:
                        • API String ID: 1350042424-0
                        • Opcode ID: 5fd89deb92f75c0e0d7406111af65340a6b95ffecf1ba9c2db83920ef449de6e
                        • Instruction ID: cf19a455924c4199ae2d31ef2e344bdd2865620a2145bd440d1f5c61272ee54d
                        • Opcode Fuzzy Hash: 5fd89deb92f75c0e0d7406111af65340a6b95ffecf1ba9c2db83920ef449de6e
                        • Instruction Fuzzy Hash: 5D81B5312083019BE720DF15DC85FBBB7E4EBD9B20F00492EFA54962C0D7B99946D766
                        APIs
                        • GetKeyboardState.USER32(?,?,00000000), ref: 00453C0D
                        • SetKeyboardState.USER32(?), ref: 00453C5A
                        • GetAsyncKeyState.USER32(000000A0), ref: 00453C82
                        • GetKeyState.USER32(000000A0), ref: 00453C99
                        • GetAsyncKeyState.USER32(000000A1), ref: 00453CC9
                        • GetKeyState.USER32(000000A1), ref: 00453CDA
                        • GetAsyncKeyState.USER32(00000011), ref: 00453D07
                        • GetKeyState.USER32(00000011), ref: 00453D15
                        • GetAsyncKeyState.USER32(00000012), ref: 00453D3F
                        • GetKeyState.USER32(00000012), ref: 00453D4D
                        • GetAsyncKeyState.USER32(0000005B), ref: 00453D77
                        • GetKeyState.USER32(0000005B), ref: 00453D85
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: State$Async$Keyboard
                        • String ID:
                        • API String ID: 541375521-0
                        • Opcode ID: 439544d7db57c6269f5a832870b7215b314e2d5ec2fc8731d7b6f8ebe45629c5
                        • Instruction ID: 09d2c23b2f41f951af40c960ff4fa7a39ed3d74d48f5bb091813d5d41b5bf946
                        • Opcode Fuzzy Hash: 439544d7db57c6269f5a832870b7215b314e2d5ec2fc8731d7b6f8ebe45629c5
                        • Instruction Fuzzy Hash: BD5108311497C42AF731EF6048217A7BBE45F52782F488D5EE9C107283E619AB0C976B
                        APIs
                        • GetDlgItem.USER32(?,00000001), ref: 00437DD7
                        • GetWindowRect.USER32(00000000,?), ref: 00437DE9
                        • MoveWindow.USER32(00000000,0000000A,?,?,?,00000000), ref: 00437E5C
                        • GetDlgItem.USER32(?,00000002), ref: 00437E70
                        • GetWindowRect.USER32(00000000,?), ref: 00437E82
                        • MoveWindow.USER32(00000000,?,00000000,?,?,00000000), ref: 00437EDB
                        • GetDlgItem.USER32(?,000003E9), ref: 00437EEA
                        • GetWindowRect.USER32(00000000,?), ref: 00437EFC
                        • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 00437F46
                        • GetDlgItem.USER32(?,000003EA), ref: 00437F55
                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 00437F6E
                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00437F78
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$ItemMoveRect$Invalidate
                        • String ID:
                        • API String ID: 3096461208-0
                        • Opcode ID: 85b2574db82c4a067caaf632f6dab2f3668a9f7fdedc9eb4d1c33f4a9692aa02
                        • Instruction ID: 6334a21bf5495bf578199e0a0c43900503e40640961724061e29feeedb49a886
                        • Opcode Fuzzy Hash: 85b2574db82c4a067caaf632f6dab2f3668a9f7fdedc9eb4d1c33f4a9692aa02
                        • Instruction Fuzzy Hash: 46511CB16083069FC318DF68DD85A2BB7E9ABC8300F144A2DF985D3391E6B4ED058B95
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                        • String ID:
                        • API String ID: 136442275-0
                        • Opcode ID: 8bb1124220d8f68122d0f1a8633f784f40ed2a0c71bdd1f95919e960fb23027d
                        • Instruction ID: e47e2093bf76b35e8f1fec89578fc46911e8a4506192668d3a16ce6d5165f020
                        • Opcode Fuzzy Hash: 8bb1124220d8f68122d0f1a8633f784f40ed2a0c71bdd1f95919e960fb23027d
                        • Instruction Fuzzy Hash: 744124B2408345ABC235E754C885EEF73ECABD8314F44891EB68D42141EB796688C7A7
                        APIs
                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B479
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ConnectRegistry_wcslen
                        • String ID: HH
                        • API String ID: 535477410-2761332787
                        • Opcode ID: e91c6bd909ad74ed1928ed0244ed8aa8a8dc52ba60fb0b240039b69f8a910896
                        • Instruction ID: 7a368be733395892e28f24b11b3b05e85d853a2cd395d98498a1c99032eed9d9
                        • Opcode Fuzzy Hash: e91c6bd909ad74ed1928ed0244ed8aa8a8dc52ba60fb0b240039b69f8a910896
                        • Instruction Fuzzy Hash: 63E171B1604200ABC714EF28C981F1BB7E4EF88704F148A1EF685DB381D779E945CB9A
                        APIs
                        • GetClassNameW.USER32(?,?,00000400), ref: 004604B5
                        • GetWindowTextW.USER32(?,?,00000400), ref: 004604F1
                        • _wcslen.LIBCMT ref: 00460502
                        • CharUpperBuffW.USER32(?,00000000), ref: 00460510
                        • GetClassNameW.USER32(?,?,00000400), ref: 00460589
                        • GetWindowTextW.USER32(?,?,00000400), ref: 004605C2
                        • GetClassNameW.USER32(?,?,00000400), ref: 00460606
                        • GetClassNameW.USER32(?,?,00000400), ref: 0046063E
                        • GetWindowRect.USER32(?,?), ref: 004606AD
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen
                        • String ID: ThumbnailClass
                        • API String ID: 4123061591-1241985126
                        • Opcode ID: d81b9eb1014bf0c552f647121340d293adfb5e43e55e37c5a686eb3c785bede7
                        • Instruction ID: b645ef8d54a60b7d8a856e9fdf4d8999e4c56e3b903fe9b51be5921097eabf2a
                        • Opcode Fuzzy Hash: d81b9eb1014bf0c552f647121340d293adfb5e43e55e37c5a686eb3c785bede7
                        • Instruction Fuzzy Hash: 3F91B0715043019FDB14DF24C884BAB77A8EF84715F04896FFD85AA281E778E905CBAB
                        APIs
                          • Part of subcall function 00456354: GetCursorPos.USER32(004A83D8), ref: 0045636A
                          • Part of subcall function 00456354: ScreenToClient.USER32(004A83D8,?), ref: 0045638A
                          • Part of subcall function 00456354: GetAsyncKeyState.USER32(?), ref: 004563D0
                          • Part of subcall function 00456354: GetAsyncKeyState.USER32(?), ref: 004563DC
                        • DefDlgProcW.USER32(?,00000205,?,?,004A83D8,00000000,00000001,004A83D8,?), ref: 0046F55F
                        • ImageList_DragLeave.COMCTL32(00000000,004A83D8,00000000,00000001,004A83D8,?), ref: 0046F57D
                        • ImageList_EndDrag.COMCTL32 ref: 0046F583
                        • ReleaseCapture.USER32 ref: 0046F589
                        • SetWindowTextW.USER32(?,00000000), ref: 0046F620
                        • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 0046F630
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
                        • String ID: @GUI_DRAGFILE$@GUI_DROPID$HH
                        • API String ID: 2483343779-2060113733
                        • Opcode ID: b963958ab96ed52e1c3ab3b45c628991f908dc465e455618a5f6fc8545d443fb
                        • Instruction ID: 4b94e37398fb4c0e8bf176de98e3888209b69965db7f8e5b86c8cb252d1f017b
                        • Opcode Fuzzy Hash: b963958ab96ed52e1c3ab3b45c628991f908dc465e455618a5f6fc8545d443fb
                        • Instruction Fuzzy Hash: EB5106716043119BD700DF18DC85FAF77A5EB89310F04492EF941973A2DB789D49CBAA
                        APIs
                        • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 0046FD8A
                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,004A83D8,?), ref: 0046FDF0
                        • SendMessageW.USER32(?,00001109,00000000,00000000), ref: 0046FE0E
                        • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,004A83D8,?), ref: 0046FE20
                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 0046FEA5
                        • SendMessageW.USER32(?,0000113F,00000000,?), ref: 0046FEDF
                        • GetClientRect.USER32(?,?), ref: 0046FEF2
                        • RedrawWindow.USER32(?,?,00000000,00000000), ref: 0046FF02
                        • DestroyIcon.USER32(?), ref: 0046FFCC
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: IconMessageSend$ImageList_$ClientCreateDestroyExtractRectRedrawReplaceWindow
                        • String ID: 2
                        • API String ID: 1331449709-450215437
                        • Opcode ID: 0839cb131ab93339cce718f32a9fb856b385d6e902e652cc812f2dbbb554e4d7
                        • Instruction ID: e79942d1a0196d9b5e30c5c178d8ccafd59c9ae1e7fac48b8759c586c5a3b44e
                        • Opcode Fuzzy Hash: 0839cb131ab93339cce718f32a9fb856b385d6e902e652cc812f2dbbb554e4d7
                        • Instruction Fuzzy Hash: EB51AC702043019FD320CF44D885BAABBE5FB88700F04487EE684872A2D7B5A849CB5A
                        APIs
                        • GetCurrentProcess.KERNEL32(00000008,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439409
                        • OpenThreadToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?), ref: 0043940C
                        • GetCurrentProcess.KERNEL32(00000008,?,?,?,?,?,?,?,?,?,?), ref: 0043941D
                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,?,?,?,?,?,?), ref: 00439420
                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeAssignPrimaryTokenPrivilege,?), ref: 0043945B
                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeIncreaseQuotaPrivilege,?), ref: 00439474
                        • _memcmp.LIBCMT ref: 004394A9
                        • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 004394F8
                        Strings
                        • SeIncreaseQuotaPrivilege, xrefs: 0043946A
                        • SeAssignPrimaryTokenPrivilege, xrefs: 00439455
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Process$CurrentLookupOpenPrivilegeTokenValue$CloseHandleThread_memcmp
                        • String ID: SeAssignPrimaryTokenPrivilege$SeIncreaseQuotaPrivilege
                        • API String ID: 1446985595-805462909
                        • Opcode ID: 7b5964ebc210eec24af21402e2b7f40e95def761f5b1447ed6d44f65f7ea18b7
                        • Instruction ID: 628aaead06b6f58e004e5b45c2ed9710a22b4d2b921ab75b424857e8fd72c9d6
                        • Opcode Fuzzy Hash: 7b5964ebc210eec24af21402e2b7f40e95def761f5b1447ed6d44f65f7ea18b7
                        • Instruction Fuzzy Hash: DB31A371508312ABC710DF21CD41AAFB7E8FB99704F04591EF98193240E7B8DD4ACBAA
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 0045D848
                        • GetDriveTypeW.KERNEL32(?,?), ref: 0045D8A3
                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D94A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ErrorMode$DriveType
                        • String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$HH
                        • API String ID: 2907320926-41864084
                        • Opcode ID: f2537af69be7bdfb8cd077d5fba63d09357e4425d7c4eca9e5473fe3d57dd33a
                        • Instruction ID: d4cab332979e247f8c2da9788294718902473fa09eb5ff996f03d25688ce9cbb
                        • Opcode Fuzzy Hash: f2537af69be7bdfb8cd077d5fba63d09357e4425d7c4eca9e5473fe3d57dd33a
                        • Instruction Fuzzy Hash: C7318B75A083008FC310EF65E48481EB7A1AFC8315F648D2FF945A7362C779D9068BAB
                        APIs
                        • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 004672E6
                        • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 0046735D
                        • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467375
                        • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 004673ED
                        • SafeArrayGetVartype.OLEAUT32(CE8B7824,?), ref: 00467418
                        • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467445
                        • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 0046746A
                        • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 00467559
                        • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 0046748A
                          • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                          • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                          • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                        • SafeArrayAccessData.OLEAUT32(CE8B7824,?), ref: 00467571
                        • SafeArrayUnaccessData.OLEAUT32(CE8B7824), ref: 004675E4
                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ArraySafe$Data$AccessUnaccess$Exception@8ThrowVartype_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                        • String ID:
                        • API String ID: 1932665248-0
                        • Opcode ID: 16f99e80be173eecdd1bb573f6b7f825babaa5351af7cc3efc94bb11c862a2f8
                        • Instruction ID: 42a0e90c8bf2b482c85e144861ec280134e9fb1dbd9e00a0d693b148f8e5f150
                        • Opcode Fuzzy Hash: 16f99e80be173eecdd1bb573f6b7f825babaa5351af7cc3efc94bb11c862a2f8
                        • Instruction Fuzzy Hash: E8B1BF752082009FD304DF29C884B6B77E5FF98318F14496EE98587362E779E885CB6B
                        APIs
                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00448182
                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00448185
                        • GetWindowLongW.USER32(?,000000F0), ref: 004481A7
                        • _memset.LIBCMT ref: 004481BA
                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481CC
                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 0044824E
                        • SendMessageW.USER32(?,00001074,?,00000007), ref: 004482A4
                        • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482BE
                        • SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482E3
                        • SendMessageW.USER32(?,0000101E,00000001,00000000), ref: 004482FC
                        • SendMessageW.USER32(?,00001008,?,00000007), ref: 00448317
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$LongWindow_memset
                        • String ID:
                        • API String ID: 830647256-0
                        • Opcode ID: 45db6e2e50868ce621a7577b0335e91e45f99dc9c013701cc26792922a244152
                        • Instruction ID: 69fd08a602074ed3d664547bad3ac5a94a9e6c02d61aa1d07dc3907ec7ad0976
                        • Opcode Fuzzy Hash: 45db6e2e50868ce621a7577b0335e91e45f99dc9c013701cc26792922a244152
                        • Instruction Fuzzy Hash: 41616F70208341AFE310DF54C881FABB7A4FF89704F14465EFA909B2D1DBB5A945CB56
                        APIs
                          • Part of subcall function 0043343D: InvalidateRect.USER32(?,00000000,00000001), ref: 004334BE
                        • DestroyAcceleratorTable.USER32(?), ref: 0046EA9F
                        • ImageList_Destroy.COMCTL32(?), ref: 0046EB04
                        • ImageList_Destroy.COMCTL32(?), ref: 0046EB18
                        • ImageList_Destroy.COMCTL32(?), ref: 0046EB24
                        • DeleteObject.GDI32(005C0000), ref: 0046EB4F
                        • DestroyIcon.USER32(006F004C), ref: 0046EB67
                        • DeleteObject.GDI32(C66857DB), ref: 0046EB7F
                        • DestroyWindow.USER32(006E006F), ref: 0046EB97
                        • DestroyIcon.USER32(?), ref: 0046EBBF
                        • DestroyIcon.USER32(?), ref: 0046EBCD
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Destroy$IconImageList_$DeleteObject$AcceleratorInvalidateRectTableWindow
                        • String ID:
                        • API String ID: 802431696-0
                        • Opcode ID: 294737084f3018da842919bbfa865d3a976cdf3ad66c8c89ec2250206a47d952
                        • Instruction ID: 42d633cefbe7d7192e7a113645d0a532909e6831d49db23f2259be933aabe8c6
                        • Opcode Fuzzy Hash: 294737084f3018da842919bbfa865d3a976cdf3ad66c8c89ec2250206a47d952
                        • Instruction Fuzzy Hash: 17513178600202DFDB14DF26D894E2A77E9FB4AB14B54446EE502CB361EB38EC41CB5E
                        APIs
                        • GetKeyboardState.USER32(?,?,?), ref: 00444D8A
                        • GetAsyncKeyState.USER32(000000A0), ref: 00444E0F
                        • GetKeyState.USER32(000000A0), ref: 00444E26
                        • GetAsyncKeyState.USER32(000000A1), ref: 00444E40
                        • GetKeyState.USER32(000000A1), ref: 00444E51
                        • GetAsyncKeyState.USER32(00000011), ref: 00444E69
                        • GetKeyState.USER32(00000011), ref: 00444E77
                        • GetAsyncKeyState.USER32(00000012), ref: 00444E8F
                        • GetKeyState.USER32(00000012), ref: 00444E9D
                        • GetAsyncKeyState.USER32(0000005B), ref: 00444EB5
                        • GetKeyState.USER32(0000005B), ref: 00444EC3
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: State$Async$Keyboard
                        • String ID:
                        • API String ID: 541375521-0
                        • Opcode ID: d4a73a67db12bad31d9fb613c99c8778707defbe90317bf640d05d8e99de570f
                        • Instruction ID: c605e69a62dfc64c618b97cb3a1930d242a0674024be490a091b983f03ece729
                        • Opcode Fuzzy Hash: d4a73a67db12bad31d9fb613c99c8778707defbe90317bf640d05d8e99de570f
                        • Instruction Fuzzy Hash: 6A41C3646087C52DFB31966484017E7FFD16FA2708F58844FD1C5067C2DBAEA9C8C7AA
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID: HH
                        • API String ID: 0-2761332787
                        • Opcode ID: 31ff441d28c5e927918bd04bcaff178bc0424bc9c98581a0806166e4fd3f8403
                        • Instruction ID: 1932890218e454eaab518c2d08cf67ea4bcb6b95680f1d85a47b5a5cee1eebd3
                        • Opcode Fuzzy Hash: 31ff441d28c5e927918bd04bcaff178bc0424bc9c98581a0806166e4fd3f8403
                        • Instruction Fuzzy Hash: 99A1A1726043009BD710EF65DC82B6BB3E9ABD4718F008E2EF558E7281D779E9448B5A
                        APIs
                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004508CB
                        • SendMessageW.USER32(?,00001036,00000000,?), ref: 004508DB
                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,00001036,00000000,?,000000FF,?,SysListView32,004848E8,00000000), ref: 004508FC
                        • _wcslen.LIBCMT ref: 00450944
                        • _wcscat.LIBCMT ref: 00450955
                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 0045096C
                        • SendMessageW.USER32(?,00001061,?,?), ref: 0045099B
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$Window_wcscat_wcslen
                        • String ID: -----$SysListView32
                        • API String ID: 4008455318-3975388722
                        • Opcode ID: 1aeeed20face43e167d1a5b6966347104c1855cbe0e780de9d31d79ee612f7fa
                        • Instruction ID: 786a3889ee88f98d9b0e9b4b0e1dacf7018a6923f31dd28eeaa3c07ad082d1a6
                        • Opcode Fuzzy Hash: 1aeeed20face43e167d1a5b6966347104c1855cbe0e780de9d31d79ee612f7fa
                        • Instruction Fuzzy Hash: 17519470504340ABE330DB65C885FABB3E4AF84714F104E1EFA94972D3D6B99989CB65
                        APIs
                        • _memset.LIBCMT ref: 00448625
                        • CreateMenu.USER32 ref: 0044863C
                        • SetMenu.USER32(?,00000000), ref: 0044864C
                        • GetMenuItemInfoW.USER32(?,?,00000000,004A83D8), ref: 004486D6
                        • IsMenu.USER32(?), ref: 004486EB
                        • CreatePopupMenu.USER32 ref: 004486F5
                        • InsertMenuItemW.USER32(?,?,00000001,004A83D8), ref: 00448739
                        • DrawMenuBar.USER32 ref: 00448742
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                        • String ID: 0
                        • API String ID: 176399719-4108050209
                        • Opcode ID: 4add02930eb798c2c2cb68413aedc402262f89096725e95a36bc963f45c6c407
                        • Instruction ID: 98f94d81d6847d6484dd50bbdc77a0bd9f9f2d632c710d3394220f00cc789bef
                        • Opcode Fuzzy Hash: 4add02930eb798c2c2cb68413aedc402262f89096725e95a36bc963f45c6c407
                        • Instruction Fuzzy Hash: 86417675604201AFD700CF68D894A9BBBE4FF89314F14891EFA488B350DBB5A845CFA6
                        APIs
                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                        • SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469277
                        • GetDlgCtrlID.USER32(00000000), ref: 00469289
                        • GetParent.USER32 ref: 004692A4
                        • SendMessageW.USER32(00000000,?,00000111), ref: 004692A7
                        • GetDlgCtrlID.USER32(00000000), ref: 004692AE
                        • GetParent.USER32 ref: 004692C7
                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 004692CA
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$CtrlParent$_wcslen
                        • String ID: ComboBox$ListBox
                        • API String ID: 2040099840-1403004172
                        • Opcode ID: d7a46b5f720fef199203ad69d051b39deebb3b2451f9d950c399d088bcf038a9
                        • Instruction ID: ef07326ddff4210f4741e87947fad3c2ec39ee11b6619cfdf8cc81125e1c6f8c
                        • Opcode Fuzzy Hash: d7a46b5f720fef199203ad69d051b39deebb3b2451f9d950c399d088bcf038a9
                        • Instruction Fuzzy Hash: BC21D6716002147BD600AB65CC45DBFB39CEB85324F044A1FF954A73D1DAB8EC0947B9
                        APIs
                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                        • SendMessageW.USER32(00000186,00000186,?,00000000), ref: 00469471
                        • GetDlgCtrlID.USER32(00000000), ref: 00469483
                        • GetParent.USER32 ref: 0046949E
                        • SendMessageW.USER32(00000000,?,00000111), ref: 004694A1
                        • GetDlgCtrlID.USER32(00000000), ref: 004694A8
                        • GetParent.USER32 ref: 004694C1
                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 004694C4
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$CtrlParent$_wcslen
                        • String ID: ComboBox$ListBox
                        • API String ID: 2040099840-1403004172
                        • Opcode ID: 2e10f5a1695edfae3743bbe69767f09e04e95ab32c83142982b04f1cb5eb07ed
                        • Instruction ID: 434b10a17d45167e777e8ea6e726dd6ee4e01267e4a119798c8aa60e835c5cdc
                        • Opcode Fuzzy Hash: 2e10f5a1695edfae3743bbe69767f09e04e95ab32c83142982b04f1cb5eb07ed
                        • Instruction Fuzzy Hash: CA21D7756002147BD600BB29CC45EBFB39CEB85314F04492FF984A7291EABCEC0A4779
                        APIs
                          • Part of subcall function 004419ED: DeleteObject.GDI32(?), ref: 00441A53
                        • SendMessageW.USER32(75A923D0,00001001,00000000,00000000), ref: 00448E73
                        • SendMessageW.USER32(75A923D0,00001026,00000000,00000000), ref: 00448E7E
                          • Part of subcall function 00441A7A: CreateSolidBrush.GDI32 ref: 00441ACB
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$BrushCreateDeleteObjectSolid
                        • String ID:
                        • API String ID: 3771399671-0
                        • Opcode ID: 51f09a1d655476e15b4ab454a85655f186203ac899921849c361721d54d31972
                        • Instruction ID: ebbecaf0548398ae771b9aa28ebf0b72f134f9ffbbfb28b2279bd799396bd9e3
                        • Opcode Fuzzy Hash: 51f09a1d655476e15b4ab454a85655f186203ac899921849c361721d54d31972
                        • Instruction Fuzzy Hash: F4510930208300AFE2209F25DD85F6F77EAEB85B14F14091EF994E72D0CBB9E9458769
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: InitVariant$_malloc_wcscpy_wcslen
                        • String ID:
                        • API String ID: 3413494760-0
                        • Opcode ID: afb533e23b19910be0c027df8fa87fd227b592e7e5a0e6e969ae1a59b8da4157
                        • Instruction ID: 77b59fa0745152fd1b6386ccdd9ca850b9b7f4abb66e551d88b584249de3d357
                        • Opcode Fuzzy Hash: afb533e23b19910be0c027df8fa87fd227b592e7e5a0e6e969ae1a59b8da4157
                        • Instruction Fuzzy Hash: F83150B2600746AFC714DF7AC880996FBA8FF88310B44892EE64983641D735F554CBA5
                        APIs
                        • GetCurrentThreadId.KERNEL32 ref: 004377D7
                        • GetForegroundWindow.USER32(00000000,?,?,?,?,0045FDE0,?,?,00000001), ref: 004377EB
                        • GetWindowThreadProcessId.USER32(00000000), ref: 004377F8
                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 00437809
                        • GetWindowThreadProcessId.USER32(?,00000001), ref: 00437819
                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 0043782E
                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,0045FDE0,?,?,00000001), ref: 0043783D
                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 0043788D
                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 004378A1
                        • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,0045FDE0,?,?,00000001), ref: 004378AC
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                        • String ID:
                        • API String ID: 2156557900-0
                        • Opcode ID: f5203a8e23f024bead7fa0256802a4b49a7a8dce25e7908e04b44143f6d1477f
                        • Instruction ID: cf5237ead9178137421241ba4763476990ac919c12b5de4495d1c20f4e3090f4
                        • Opcode Fuzzy Hash: f5203a8e23f024bead7fa0256802a4b49a7a8dce25e7908e04b44143f6d1477f
                        • Instruction Fuzzy Hash: B0316FB1504341AFD768EF28DC88A7BB7A9EF9D310F14182EF44197250D7B89C44CB69
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __wcsicoll
                        • String ID: 0%d$DOWN$OFF
                        • API String ID: 3832890014-468733193
                        • Opcode ID: b886d43e96c57de01ffb669c6ba173cdd7012b944398daffbb17888043fd80c7
                        • Instruction ID: 3901981f80fa7430cd77b89167089bc3925961a07aad88d0cc2f25a35af8916b
                        • Opcode Fuzzy Hash: b886d43e96c57de01ffb669c6ba173cdd7012b944398daffbb17888043fd80c7
                        • Instruction Fuzzy Hash: B7F1D8614083856DEB21EB21C845BAF7BE85F95309F08092FF98212193D7BCD68DC76B
                        APIs
                        • VariantInit.OLEAUT32(00000000), ref: 0045E959
                        • VariantCopy.OLEAUT32(00000000), ref: 0045E963
                        • VariantClear.OLEAUT32 ref: 0045E970
                        • VariantTimeToSystemTime.OLEAUT32 ref: 0045EAEB
                        • __swprintf.LIBCMT ref: 0045EB1F
                        • VarR8FromDec.OLEAUT32(?,?), ref: 0045EB61
                        • VariantInit.OLEAUT32(00000000), ref: 0045EBE7
                        Strings
                        • %4d%02d%02d%02d%02d%02d, xrefs: 0045EB19
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Variant$InitTime$ClearCopyFromSystem__swprintf
                        • String ID: %4d%02d%02d%02d%02d%02d
                        • API String ID: 43541914-1568723262
                        • Opcode ID: 59f20d5c687eca5b8ac21bf224ed8e62dc0999386ac77495242af5446a13f09a
                        • Instruction ID: db8708ae94f177a13b26e6bf0e0b18ed2eb17208bc27bd00c320e315e6f9d40a
                        • Opcode Fuzzy Hash: 59f20d5c687eca5b8ac21bf224ed8e62dc0999386ac77495242af5446a13f09a
                        • Instruction Fuzzy Hash: ABC1F4BB1006019BC704AF06D480666F7A1FFD4322F14896FED984B341DB3AE95ED7A6
                        APIs
                        • InterlockedDecrement.KERNEL32(004A7CAC), ref: 0042FE66
                        • Sleep.KERNEL32(0000000A), ref: 0042FE6E
                        • InterlockedDecrement.KERNEL32(004A7CAC), ref: 0042FF5D
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: DecrementInterlocked$Sleep
                        • String ID: 0vH$0vH$4RH0vH$@COM_EVENTOBJ
                        • API String ID: 2250217261-3412429629
                        • Opcode ID: 7d20af892ce27232a3ff337619be48fed7d74e1bde2de334c7b49ab88d15dd8c
                        • Instruction ID: 990b5f35a06538e4ae7b6c94f393f4a5fafaaf51bfa382c75dcb300f2d234fa3
                        • Opcode Fuzzy Hash: 7d20af892ce27232a3ff337619be48fed7d74e1bde2de334c7b49ab88d15dd8c
                        • Instruction Fuzzy Hash: E0B1C0715083009FC714EF54C990A5FB3E4AF98304F508A2FF495972A2DB78ED4ACB9A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                        • API String ID: 0-1603158881
                        • Opcode ID: b68d94a9d6a5d87f13f0fb5a725928f8f142c37ef967d8f11e3e615729381ce2
                        • Instruction ID: 1d39c91c6ba170ccd8bd44326015c92659356e06a413e753493f98454e3169a0
                        • Opcode Fuzzy Hash: b68d94a9d6a5d87f13f0fb5a725928f8f142c37ef967d8f11e3e615729381ce2
                        • Instruction Fuzzy Hash: 49A1D3B14043459BCB20EF50CC81BDE37A4AF94348F44891FF9896B182EF79A64DC76A
                        APIs
                        • _memset.LIBCMT ref: 00479D1F
                        • VariantInit.OLEAUT32(?), ref: 00479F06
                        • VariantClear.OLEAUT32(?), ref: 00479F11
                        • VariantInit.OLEAUT32(?), ref: 00479DF7
                          • Part of subcall function 00467626: VariantInit.OLEAUT32(00000000), ref: 00467666
                          • Part of subcall function 00467626: VariantCopy.OLEAUT32(00000000,00479BD3), ref: 00467670
                          • Part of subcall function 00467626: VariantClear.OLEAUT32 ref: 0046767D
                        • VariantClear.OLEAUT32(?), ref: 00479F9C
                          • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Variant$Copy$ClearInit$ErrorLast_memset
                        • String ID: F$Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                        • API String ID: 665237470-60002521
                        • Opcode ID: d48da594d57f6aadbcc7a695fec4cf75dc39f6aec1ddb07572db38b207896a5c
                        • Instruction ID: 799f1794578ead7d01377608c22e1fb401aa4fc5ffca8a64c02b8280356d09a3
                        • Opcode Fuzzy Hash: d48da594d57f6aadbcc7a695fec4cf75dc39f6aec1ddb07572db38b207896a5c
                        • Instruction Fuzzy Hash: 6091B272204341AFD720DF64D880EABB7E9EFC4314F50891EF28987291D7B9AD45C766
                        APIs
                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046A84D
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ConnectRegistry_wcslen
                        • String ID: HH
                        • API String ID: 535477410-2761332787
                        • Opcode ID: 95544a26956fe54eb2a8636236a3b10fc217bfdb2bff17811b2f45cb9df4731a
                        • Instruction ID: 68d8ff7817732ac0dd8275009c421e29eb5870de2046e22f9b94a35ba54c9d9f
                        • Opcode Fuzzy Hash: 95544a26956fe54eb2a8636236a3b10fc217bfdb2bff17811b2f45cb9df4731a
                        • Instruction Fuzzy Hash: FE617FB56083009FD304EF65C981F6BB7E4AF88704F14891EF681A7291D678ED09CB97
                        APIs
                        • _memset.LIBCMT ref: 0045F317
                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 0045F367
                        • IsMenu.USER32(?), ref: 0045F380
                        • CreatePopupMenu.USER32 ref: 0045F3C5
                        • GetMenuItemCount.USER32(?), ref: 0045F42F
                        • InsertMenuItemW.USER32(?,?,00000001,?), ref: 0045F45B
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                        • String ID: 0$2
                        • API String ID: 3311875123-3793063076
                        • Opcode ID: fbdd9a11e44187a4bf70f7de18f8631e861f84fad9f8f26dcc1fb12baf34abbc
                        • Instruction ID: 6c7ab59355789d00cbd42ef361c1bd9312a1bc9220e92816940967e3bd29aecc
                        • Opcode Fuzzy Hash: fbdd9a11e44187a4bf70f7de18f8631e861f84fad9f8f26dcc1fb12baf34abbc
                        • Instruction Fuzzy Hash: E451CF702043409FD710CF69D888B6BBBE4AFA5319F104A3EFD9586292D378994DCB67
                        APIs
                        • GetModuleHandleW.KERNEL32(00000000,004A8E80,00000100,00000100,?,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe), ref: 0043719E
                        • LoadStringW.USER32(00000000), ref: 004371A7
                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 004371BD
                        • LoadStringW.USER32(00000000), ref: 004371C0
                        • _printf.LIBCMT ref: 004371EC
                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00437208
                        Strings
                        • %s (%d) : ==> %s: %s %s, xrefs: 004371E7
                        • C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe, xrefs: 00437189
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: HandleLoadModuleString$Message_printf
                        • String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe
                        • API String ID: 220974073-739945149
                        • Opcode ID: 94d1ddb87e9fdddd1f0eb85761e890ae026325719f266e56d7856026e6b64315
                        • Instruction ID: cc9e6972dbc5209964c20f0f7d1f7455a13934f6c555fd98bc0bf92a0502fb90
                        • Opcode Fuzzy Hash: 94d1ddb87e9fdddd1f0eb85761e890ae026325719f266e56d7856026e6b64315
                        • Instruction Fuzzy Hash: F7014FB2A543447AE620EB549D06FFB365CABC4B01F444C1EB794A60C0AAF865548BBA
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: b00adbc1ea9d53563bb8a7982d93c3fa4b8356126e06b3aad1cc727703ca6f1a
                        • Instruction ID: 20732dcab93056f759d0b04a6df1a57780e33876730225f1fefd21ccf2a16f59
                        • Opcode Fuzzy Hash: b00adbc1ea9d53563bb8a7982d93c3fa4b8356126e06b3aad1cc727703ca6f1a
                        • Instruction Fuzzy Hash: 36519070200301ABD320DF29CC85F5BB7E8EB48715F540A1EF995E7292D7B4E949CB29
                        APIs
                          • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,?,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,004A8E80,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,0040F3D2), ref: 0040FFCA
                          • Part of subcall function 00436AC4: GetFileAttributesW.KERNEL32(?,0044BD82,?,?,?), ref: 00436AC9
                        • lstrcmpiW.KERNEL32(?,?), ref: 0045355E
                        • MoveFileW.KERNEL32(?,?), ref: 0045358E
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: File$AttributesFullMoveNamePathlstrcmpi
                        • String ID:
                        • API String ID: 978794511-0
                        • Opcode ID: 905b41a6b5f1f1e7811aa1c06e555ad1605d40905c9a381d53b63ac73f12040d
                        • Instruction ID: dcad70f49e32ae1adaf0c812d378eb0bba467e0a617048934f4a65f03e3a0b24
                        • Opcode Fuzzy Hash: 905b41a6b5f1f1e7811aa1c06e555ad1605d40905c9a381d53b63ac73f12040d
                        • Instruction Fuzzy Hash: 665162B25043406AC724EF61D885ADFB3E8AFC8305F44992EB94992151E73DD34DC767
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2697ea5a26a9fc7488a3d070abad83f7d669ddccf749f4bfc66ff3ac1f4b4023
                        • Instruction ID: b1e2397247e50d0c7000acf5a2db8631a214b417b603bec0598d849dd48054e0
                        • Opcode Fuzzy Hash: 2697ea5a26a9fc7488a3d070abad83f7d669ddccf749f4bfc66ff3ac1f4b4023
                        • Instruction Fuzzy Hash: E54128332402806BE320A75DB8C4ABBFB98E7A2362F50443FF18196520D76678C5D339
                        APIs
                          • Part of subcall function 0044593E: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 0044595D
                          • Part of subcall function 0044593E: GetCurrentThreadId.KERNEL32 ref: 00445964
                          • Part of subcall function 0044593E: AttachThreadInput.USER32(00000000,?,00000001,00478FA7), ref: 0044596B
                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D15
                        • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00445D35
                        • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00445D3F
                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D45
                        • PostMessageW.USER32(00000000,00000100,00000027,00000000), ref: 00445D66
                        • Sleep.KERNEL32(00000000), ref: 00445D70
                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 00445D76
                        • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00445D8B
                        • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000), ref: 00445D8F
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                        • String ID:
                        • API String ID: 2014098862-0
                        • Opcode ID: 621277f82d70151dd5f553487d646ea3797e8fa9e9e6e4ab5ab83039983e6254
                        • Instruction ID: b085f3065cf9cd100f04f322da00d4b037e108fc79bf5967fdabce1cd6d2e74b
                        • Opcode Fuzzy Hash: 621277f82d70151dd5f553487d646ea3797e8fa9e9e6e4ab5ab83039983e6254
                        • Instruction Fuzzy Hash: 7B116971790704B7F620AB958C8AF5A7399EF88B11F20080DF790AB1C1C9F5E4418B7C
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: AddressProc_malloc$_strcat_strlen
                        • String ID: AU3_FreeVar
                        • API String ID: 2184576858-771828931
                        • Opcode ID: 0c8ae277bfce4f6227ebe1b78a96747af57dc4a525e04d776edf31878272b6cd
                        • Instruction ID: c940ad03d776ce5ee908f8b881b33357b51647545ffc53e819ca791e1fdac2da
                        • Opcode Fuzzy Hash: 0c8ae277bfce4f6227ebe1b78a96747af57dc4a525e04d776edf31878272b6cd
                        • Instruction Fuzzy Hash: EDA18DB5604205DFC300DF59C480A2AB7E5FFC8319F1489AEE9554B362D739ED89CB8A
                        APIs
                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D5A
                        • DestroyWindow.USER32(?), ref: 0042A751
                        • UnregisterHotKey.USER32(?), ref: 0042A778
                        • FreeLibrary.KERNEL32(?), ref: 0042A822
                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 0042A854
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
                        • String ID: close all
                        • API String ID: 4174999648-3243417748
                        • Opcode ID: 9f9deb73285226e6ba240568d142da5fec9cf520cd27fc9a3a2cacaca98377aa
                        • Instruction ID: e23b5dd52123a376b0379481fe8be5d2f02d07e70979f80a1c72d587d5a24a2c
                        • Opcode Fuzzy Hash: 9f9deb73285226e6ba240568d142da5fec9cf520cd27fc9a3a2cacaca98377aa
                        • Instruction Fuzzy Hash: FFA17075A102248FCB20EF55CC85B9AB3B8BF44304F5044EEE90967291D779AE85CF9D
                        APIs
                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AA5A
                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AA8D
                        • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 0044AAF9
                        • InternetSetOptionW.WININET(00000000,0000001F,?,00000004), ref: 0044AB11
                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB20
                        • HttpQueryInfoW.WININET(00000000,00000005,?,00000000,00000000), ref: 0044AB61
                          • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
                        • String ID:
                        • API String ID: 1291720006-3916222277
                        • Opcode ID: fd0d9a71f1b9f9aed2e07c44adb1cce69882d59a8a6dee97d1abd644e851efd9
                        • Instruction ID: 782b6278bf246bef60821ca34847c3ce69a0d92f774604c9678bedd135ce19ea
                        • Opcode Fuzzy Hash: fd0d9a71f1b9f9aed2e07c44adb1cce69882d59a8a6dee97d1abd644e851efd9
                        • Instruction Fuzzy Hash: 9C51E6B12803016BF320EB65CD85FBBB7A8FB89704F00091EF74196181D7B9A548C76A
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ErrorLastselect
                        • String ID: HH
                        • API String ID: 215497628-2761332787
                        • Opcode ID: 0de0448ade90d459e176b7eabd0eb7793c39b194d41e4bdd7ff4fb8690f4e17f
                        • Instruction ID: a252b81ccbce03d1e7b1b0efababa2c0a0929072778302a7b1202b90a7697d70
                        • Opcode Fuzzy Hash: 0de0448ade90d459e176b7eabd0eb7793c39b194d41e4bdd7ff4fb8690f4e17f
                        • Instruction Fuzzy Hash: BF51E4726043005BD320EB65DC42F9BB399EB94324F044A2EF558E7281EB79E944C7AA
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __snwprintf__wcsicoll_wcscpy
                        • String ID: , $$0vH$AUTOITCALLVARIABLE%d$CALLARGARRAY
                        • API String ID: 1729044348-3708979750
                        • Opcode ID: e5856c69d37335927e932bb259c431c810e65197c095b32473e915812f67d75c
                        • Instruction ID: 823d0c4529048d9f890bbf28e75db1a658c609af9319d28fcdda535ef0d13f31
                        • Opcode Fuzzy Hash: e5856c69d37335927e932bb259c431c810e65197c095b32473e915812f67d75c
                        • Instruction Fuzzy Hash: E651A571514300ABD610EF65C882ADFB3A4EFC4348F048D2FF54967291D779E949CBAA
                        APIs
                          • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,?,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,004A8E80,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,0040F3D2), ref: 0040FFCA
                        • lstrcmpiW.KERNEL32(?,?), ref: 0044BC04
                        • MoveFileW.KERNEL32(?,?), ref: 0044BC38
                        • _wcscat.LIBCMT ref: 0044BCAA
                        • _wcslen.LIBCMT ref: 0044BCB7
                        • _wcslen.LIBCMT ref: 0044BCCB
                        • SHFileOperationW.SHELL32 ref: 0044BD16
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: File_wcslen$FullMoveNameOperationPath_wcscatlstrcmpi
                        • String ID: \*.*
                        • API String ID: 2326526234-1173974218
                        • Opcode ID: 79917c867e5dc746cbfe3ebb0135d92afbab4952e7fca4f485a184e9ce72b521
                        • Instruction ID: 9e4979448571685848097db6772507fbfe8bfb8d1337cd0032b1ea927bdad9db
                        • Opcode Fuzzy Hash: 79917c867e5dc746cbfe3ebb0135d92afbab4952e7fca4f485a184e9ce72b521
                        • Instruction Fuzzy Hash: 4B3183B14083019AD724EF21C5D5ADFB3E4EFC8304F444D6EB98993251EB39E608D7AA
                        APIs
                          • Part of subcall function 00436328: _wcsncpy.LIBCMT ref: 0043633C
                        • _wcslen.LIBCMT ref: 004366DD
                        • GetFileAttributesW.KERNEL32(?), ref: 00436700
                        • GetLastError.KERNEL32 ref: 0043670F
                        • CreateDirectoryW.KERNEL32(00000000,00000000), ref: 00436727
                        • _wcsrchr.LIBCMT ref: 0043674C
                          • Part of subcall function 004366BE: CreateDirectoryW.KERNEL32(?,00000000,?,00000000,00000000), ref: 0043678F
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
                        • String ID: \
                        • API String ID: 321622961-2967466578
                        • Opcode ID: 1eb455b432650c328f353f4bd1bc621d200bc06401c5471b489e88a9126e4646
                        • Instruction ID: 68cadaa88695c7c006562ade17844284f7fc34f8e7e15af3b97584e331f528d6
                        • Opcode Fuzzy Hash: 1eb455b432650c328f353f4bd1bc621d200bc06401c5471b489e88a9126e4646
                        • Instruction Fuzzy Hash: 3C2148765003017ADB20A724EC47AFF33989F95764F90993EFD14D6281E779950882AE
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __wcsnicmp
                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                        • API String ID: 1038674560-2734436370
                        • Opcode ID: 8fabdde956d602f6b8b7368bcff20dfc7d0b0c72369e2d81c3549115c9808aba
                        • Instruction ID: f72ce1d64a5a3b865947b719243e4701f1ba8c8209579f194a7ae3ad15c73224
                        • Opcode Fuzzy Hash: 8fabdde956d602f6b8b7368bcff20dfc7d0b0c72369e2d81c3549115c9808aba
                        • Instruction Fuzzy Hash: 1B21F87261161067E730B659DCC2BDB63985F65305F04406BF800AA247D6ADA98A83AA
                        APIs
                        • DeleteObject.GDI32(?), ref: 0044157D
                        • GetDC.USER32(00000000), ref: 00441585
                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00441590
                        • ReleaseDC.USER32(00000000,00000000), ref: 0044159B
                        • CreateFontW.GDI32(?,00000000,00000000,00000000,?,000000FF,000000FF,000000FF,00000001,00000004,00000000,?,00000000,00000000), ref: 004415E9
                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00441601
                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00441639
                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00441659
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                        • String ID:
                        • API String ID: 3864802216-0
                        • Opcode ID: ea0a3e179a2db4f205f3d0bf310cedd64f619745dcd59731a2847991c922bb1b
                        • Instruction ID: 4e191e68d33858d232da06d8f8bca50b2e2c885119a5133d865ec5329e905ca2
                        • Opcode Fuzzy Hash: ea0a3e179a2db4f205f3d0bf310cedd64f619745dcd59731a2847991c922bb1b
                        • Instruction Fuzzy Hash: 1531C172240344BBE7208B14CD49FAB77EDEB88B15F08450DFB44AA2D1DAB4ED808B64
                        APIs
                        • ___set_flsgetvalue.LIBCMT ref: 004140E1
                          • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                          • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                          • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                        • ___fls_getvalue@4.LIBCMT ref: 004140EC
                          • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                        • ___fls_setvalue@8.LIBCMT ref: 004140FF
                          • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 00414108
                        • ExitThread.KERNEL32 ref: 0041410F
                        • GetCurrentThreadId.KERNEL32 ref: 00414115
                        • __freefls@4.LIBCMT ref: 00414135
                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00414148
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                        • String ID:
                        • API String ID: 1925773019-0
                        • Opcode ID: 78c5a7e04feddb60afef3bdf2204f5ea6d2fca564e255d6fa6df859771c1ea47
                        • Instruction ID: d0499dd1a11a7aa3f5f6b81cdb2be0183561266298d4129ec5ef95b8f2f1ff50
                        • Opcode Fuzzy Hash: 78c5a7e04feddb60afef3bdf2204f5ea6d2fca564e255d6fa6df859771c1ea47
                        • Instruction Fuzzy Hash: 12018430000200ABC704BFB2DD0D9DE7BA9AF95345722886EF90497212DA3CC9C28B5C
                        APIs
                        • VariantClear.OLEAUT32(00000038), ref: 004357C3
                        • VariantClear.OLEAUT32(00000058), ref: 004357C9
                        • VariantClear.OLEAUT32(00000068), ref: 004357CF
                        • VariantClear.OLEAUT32(00000078), ref: 004357D5
                        • VariantClear.OLEAUT32(00000088), ref: 004357DE
                        • VariantClear.OLEAUT32(00000048), ref: 004357E4
                        • VariantClear.OLEAUT32(00000098), ref: 004357ED
                        • VariantClear.OLEAUT32(000000A8), ref: 004357F6
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ClearVariant
                        • String ID:
                        • API String ID: 1473721057-0
                        • Opcode ID: 108e33c2045b04221b4df3f02cd388125a51a7e0134505e60bdc817f2fb2f336
                        • Instruction ID: 4669651a97e20320d925a323ac357da1b1419afffb7c9eb93274aad60c959a81
                        • Opcode Fuzzy Hash: 108e33c2045b04221b4df3f02cd388125a51a7e0134505e60bdc817f2fb2f336
                        • Instruction Fuzzy Hash: BDF03CB6400B446AC235EB79DC40BD7B7E86F89200F018E1DE58783514DA78F588CB64
                        APIs
                        • WSAStartup.WSOCK32(00000101,?,?), ref: 00464ADE
                          • Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,0047D14B,?,?,?,?), ref: 0045F003
                        • inet_addr.WSOCK32(?,00000000,?,?,00000101,?,?), ref: 00464B1F
                        • gethostbyname.WSOCK32(?,?,00000000,?,?,00000101,?,?), ref: 00464B29
                        • _memset.LIBCMT ref: 00464B92
                        • GlobalAlloc.KERNEL32(00000040,00000040), ref: 00464B9E
                        • GlobalFree.KERNEL32(00000000), ref: 00464CDE
                        • WSACleanup.WSOCK32 ref: 00464CE4
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Global$AllocByteCharCleanupFreeMultiStartupWide_memsetgethostbynameinet_addr
                        • String ID:
                        • API String ID: 3424476444-0
                        • Opcode ID: 3a9821fb802cba04523fcb9c1f83c74fd5b22343f7d4654d6e4056c4a41f6a01
                        • Instruction ID: 8d90feaebe95447676150adcea4a136074f650e12d33839f26a9dde16614cdb7
                        • Opcode Fuzzy Hash: 3a9821fb802cba04523fcb9c1f83c74fd5b22343f7d4654d6e4056c4a41f6a01
                        • Instruction Fuzzy Hash: A3A17EB1504300AFD710EF65C982F9BB7E8AFC8714F54491EF64497381E778E9058B9A
                        APIs
                        • GetSystemMetrics.USER32(0000000F), ref: 00440B7B
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MetricsSystem
                        • String ID:
                        • API String ID: 4116985748-0
                        • Opcode ID: eff4c90f3403bcfb76001cffaab33834930133fcb34fa8184a7caea4de8066d9
                        • Instruction ID: 1e23dbab6d9439f1299be2c39bdf7de0481ead398f869a6d5eaf0ea33fa99bdf
                        • Opcode Fuzzy Hash: eff4c90f3403bcfb76001cffaab33834930133fcb34fa8184a7caea4de8066d9
                        • Instruction Fuzzy Hash: 8EA19C70608701DBE314CF68C984B6BBBE1FB88704F14491EFA8593251E778F965CB5A
                        APIs
                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046AC62
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ConnectRegistry_wcslen
                        • String ID:
                        • API String ID: 535477410-0
                        • Opcode ID: 37987dacba266e2f7d681c7555595b89ca1c624194ad33880a6965c3691367fb
                        • Instruction ID: 71109d01e6e71572d3d886d5d9f1e4ab699fb1be984f768d753da2f0a00da466
                        • Opcode Fuzzy Hash: 37987dacba266e2f7d681c7555595b89ca1c624194ad33880a6965c3691367fb
                        • Instruction Fuzzy Hash: BBA18EB1204300AFC710EF65C885B1BB7E4BF85704F14896EF685AB292D779E905CB9B
                        APIs
                          • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                          • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                        • _memset.LIBCMT ref: 004538C4
                        • GetMenuItemInfoW.USER32(?,?), ref: 004538EF
                        • _wcslen.LIBCMT ref: 00453960
                        • SetMenuItemInfoW.USER32(00000011,?,00000000,?), ref: 004539C4
                        • SetMenuDefaultItem.USER32(?,000000FF,00000000,?,?), ref: 004539E0
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ItemMenu$Info_wcslen$Default_memset_wcscpy
                        • String ID: 0
                        • API String ID: 3530711334-4108050209
                        • Opcode ID: c8c2b72c749714a23e45c10816ef9459d7fe91b5f095051f547869ed1843acb9
                        • Instruction ID: 97d09e0af2b4d046480d7fb626e7fa0667c22e7462995616ff61acde959b3bac
                        • Opcode Fuzzy Hash: c8c2b72c749714a23e45c10816ef9459d7fe91b5f095051f547869ed1843acb9
                        • Instruction Fuzzy Hash: 747118F15083015AD714DF65C881B6BB7E4EB98396F04491FFD8082292D7BCDA4CC7AA
                        APIs
                        • GetCurrentProcessId.KERNEL32(?), ref: 00473A00
                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00473A0E
                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00473A34
                        • CloseHandle.KERNEL32(00000000,00000000,?,00000028), ref: 00473C01
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Process$CloseCountersCurrentHandleOpen
                        • String ID: HH
                        • API String ID: 3488606520-2761332787
                        • Opcode ID: 12402d889b8d2545f97f81e579d11a3e1d05628ef8a47b4e2ac7d1c45517ac81
                        • Instruction ID: 2161edc7e7eefe464b48455ffcea7dd3157e2cbe85e131cccd8837112284b0a3
                        • Opcode Fuzzy Hash: 12402d889b8d2545f97f81e579d11a3e1d05628ef8a47b4e2ac7d1c45517ac81
                        • Instruction Fuzzy Hash: 3581BF71A043019FD320EF69C882B5BF7E4AF84744F108C2EF598AB392D675E945CB96
                        APIs
                          • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                          • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                          • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                        • Ellipse.GDI32(?,?,?,00000000), ref: 00447463
                        • MoveToEx.GDI32(?,?,?,00000000), ref: 00447473
                        • AngleArc.GDI32(?,?,?,?,?,?), ref: 004474B6
                        • LineTo.GDI32(?,?), ref: 004474BF
                        • CloseFigure.GDI32(?), ref: 004474C6
                        • SetPixel.GDI32(?,?,?,?), ref: 004474D6
                        • Rectangle.GDI32(?,?), ref: 004474F3
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                        • String ID:
                        • API String ID: 4082120231-0
                        • Opcode ID: 3e823f4574af11f26be8c20bd8771cfecf2a7ea1363ae8038588c787c8c49515
                        • Instruction ID: e2e17d079c8faeb919f1a119f9aa9df975eabc7d00289576b12f70c1741c819b
                        • Opcode Fuzzy Hash: 3e823f4574af11f26be8c20bd8771cfecf2a7ea1363ae8038588c787c8c49515
                        • Instruction Fuzzy Hash: BC713AB11083419FD300DF15C884E6BBBE9EFC9708F148A1EF99497351D778A906CBAA
                        APIs
                          • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                          • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                          • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                        • Ellipse.GDI32(?,?,?,00000000), ref: 00447463
                        • MoveToEx.GDI32(?,?,?,00000000), ref: 00447473
                        • AngleArc.GDI32(?,?,?,?,?,?), ref: 004474B6
                        • LineTo.GDI32(?,?), ref: 004474BF
                        • CloseFigure.GDI32(?), ref: 004474C6
                        • SetPixel.GDI32(?,?,?,?), ref: 004474D6
                        • Rectangle.GDI32(?,?), ref: 004474F3
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                        • String ID:
                        • API String ID: 4082120231-0
                        • Opcode ID: bd92991fb0a59d5160a547c0af993f50d26037df712543aebae1afc8709768cb
                        • Instruction ID: 71053adf7dd607ae91079c2ca5de7ffea4483cc305881a9741cc2e8bc8d6f2cf
                        • Opcode Fuzzy Hash: bd92991fb0a59d5160a547c0af993f50d26037df712543aebae1afc8709768cb
                        • Instruction Fuzzy Hash: 55613BB51083419FD300DF55CC84E6BBBE9EBC9308F148A1EF99597351D738A906CB6A
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: AngleCloseEllipseFigureLineMovePixelRectangle
                        • String ID:
                        • API String ID: 288456094-0
                        • Opcode ID: d308d32173f93e4cd5527eec6d709d72f3e0fef6f2bd509874fda6c33d0c9603
                        • Instruction ID: d3db7697bfba14f4a3ad6627a8a5faa1010559558ae5e3f89cc6b0bd66950af4
                        • Opcode Fuzzy Hash: d308d32173f93e4cd5527eec6d709d72f3e0fef6f2bd509874fda6c33d0c9603
                        • Instruction Fuzzy Hash: 90514BB51082419FD300DF15CC84E6BBBE9EFC9308F14891EF99497351D734A906CB6A
                        APIs
                        • GetParent.USER32(?), ref: 004449B0
                        • GetKeyboardState.USER32(?), ref: 004449C3
                        • SetKeyboardState.USER32(?), ref: 00444A0F
                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 00444A3F
                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 00444A60
                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 00444AAC
                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444AD1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessagePost$KeyboardState$Parent
                        • String ID:
                        • API String ID: 87235514-0
                        • Opcode ID: d47ceab968b999e6d4944081d81f2373d9ea27f049f07d95c13b51a59d3cc885
                        • Instruction ID: 19c159416ad4887e81d4090d30fbb5c505c675cee05c330e2fd8e115592bd25d
                        • Opcode Fuzzy Hash: d47ceab968b999e6d4944081d81f2373d9ea27f049f07d95c13b51a59d3cc885
                        • Instruction Fuzzy Hash: B651C5A05487D139F7369234884ABA7BFD55F8A304F08CA4EF1E5156C3D2ECE984C769
                        APIs
                        • GetParent.USER32(?), ref: 00444BA9
                        • GetKeyboardState.USER32(?), ref: 00444BBC
                        • SetKeyboardState.USER32(?), ref: 00444C08
                        • PostMessageW.USER32(?,00000100,00000010,?), ref: 00444C35
                        • PostMessageW.USER32(?,00000100,00000011,?), ref: 00444C53
                        • PostMessageW.USER32(?,00000100,00000012,?), ref: 00444C9C
                        • PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444CBE
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessagePost$KeyboardState$Parent
                        • String ID:
                        • API String ID: 87235514-0
                        • Opcode ID: de9aba9e896a2e755c79cba499ec14fd455f1b60db9a9f79a8626ad1a28ad6a0
                        • Instruction ID: 4493abccadab05ae7d00f733e1fa63583af0c494729619d74f1516a50adc8d80
                        • Opcode Fuzzy Hash: de9aba9e896a2e755c79cba499ec14fd455f1b60db9a9f79a8626ad1a28ad6a0
                        • Instruction Fuzzy Hash: A951E4F05097D139F7369364884ABA7BFE46F8A304F088A4EF1D5065C2D2ACE984C769
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 2552f041a71837ba3affbc4ec308d2b7aa0755a9e2dfe05148a880b05b5b76bf
                        • Instruction ID: b3b3da583a0ae8cfa3180eda0e634cae40a493ebdfd517dbec9d2fd4fbd82cb1
                        • Opcode Fuzzy Hash: 2552f041a71837ba3affbc4ec308d2b7aa0755a9e2dfe05148a880b05b5b76bf
                        • Instruction Fuzzy Hash: 1E513A315082909FE321CF14DC89FABBB64FB46320F18456FF895AB2D1D7649C06D7AA
                        APIs
                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046AA77
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ConnectRegistry_wcslen
                        • String ID: HH
                        • API String ID: 535477410-2761332787
                        • Opcode ID: a31a44ff546351b1de52d8f34745bf25342c9426a619c9766caf2b0061db1f75
                        • Instruction ID: 7b41397762752e7dec08e47bcdb2cb2f58790b6f4670524580eb9da3090621e6
                        • Opcode Fuzzy Hash: a31a44ff546351b1de52d8f34745bf25342c9426a619c9766caf2b0061db1f75
                        • Instruction Fuzzy Hash: A2516D71208301AFD304EF65C981F5BB7A9BFC4704F40892EF685A7291D678E905CB6B
                        APIs
                        • _memset.LIBCMT ref: 00457C34
                        • _memset.LIBCMT ref: 00457CE8
                        • ShellExecuteExW.SHELL32(?), ref: 00457D34
                          • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                          • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                        • CloseHandle.KERNEL32(?), ref: 00457DDD
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _memset$CloseExecuteHandleShell_wcscpy_wcslen
                        • String ID: <$@
                        • API String ID: 1325244542-1426351568
                        • Opcode ID: bce0cc86945754dfb230170ecd4c21a915d6526e7c9b1e7fd723952314da78dd
                        • Instruction ID: 09e461bdfc47c8bdd671eddb31188d347eda7c51057725e13e77015b5001baed
                        • Opcode Fuzzy Hash: bce0cc86945754dfb230170ecd4c21a915d6526e7c9b1e7fd723952314da78dd
                        • Instruction Fuzzy Hash: EA510FB55083009FC710EF61D985A5BB7E4AF84709F00492EFD44AB392DB39ED48CB9A
                        APIs
                        • CreateToolhelp32Snapshot.KERNEL32(?,?,?,?,?,?,?,?,?,00000002,00000000,00000014), ref: 0047379B
                        • Process32FirstW.KERNEL32(00000000,?), ref: 004737A8
                        • __wsplitpath.LIBCMT ref: 004737E1
                          • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                        • _wcscat.LIBCMT ref: 004737F6
                        • __wcsicoll.LIBCMT ref: 00473818
                        • Process32NextW.KERNEL32(00000000,?), ref: 00473844
                        • CloseHandle.KERNEL32(00000000,00000000,?,?), ref: 00473852
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                        • String ID:
                        • API String ID: 2547909840-0
                        • Opcode ID: 1dcf289f501924a5df592eae16a0ec0030d5246948486ec38c60cdc62178aa5b
                        • Instruction ID: 8efa427203ffd7a45d167e3a64f6abf3f3640219bb0751621114887cb14f0fc1
                        • Opcode Fuzzy Hash: 1dcf289f501924a5df592eae16a0ec0030d5246948486ec38c60cdc62178aa5b
                        • Instruction Fuzzy Hash: 4751BB71544304A7D720EF61CC86FDBB3E8AF84748F00492EF58957182E775E645C7AA
                        APIs
                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 004552B7
                        • ImageList_Remove.COMCTL32(?,?,?,?), ref: 004552EB
                        • SendMessageW.USER32(?,0000133D,?,00000002), ref: 004553D3
                        • DeleteObject.GDI32(?), ref: 0045564E
                        • DeleteObject.GDI32(?), ref: 0045565C
                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: DeleteDestroyMessageObjectSend$IconImageList_RemoveWindow
                        • String ID:
                        • API String ID: 2354583917-0
                        • Opcode ID: b44580b005306b3b7f9b1dbab51831616e075f248f5ed84087b7c105bb41b1f9
                        • Instruction ID: 19c5dc8500d05a42ca126c51664c70dafe1d1a8ca3b523478e8997b137d6e309
                        • Opcode Fuzzy Hash: b44580b005306b3b7f9b1dbab51831616e075f248f5ed84087b7c105bb41b1f9
                        • Instruction Fuzzy Hash: 77519D30204A419FC714DF24C4A4B7A77E5FB49301F4486AEFD9ACB392DB78A849CB54
                        APIs
                          • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                        • GetMenu.USER32 ref: 004776AA
                        • GetMenuItemCount.USER32(00000000), ref: 004776CC
                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 004776FB
                        • _wcslen.LIBCMT ref: 0047771A
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Menu$CountItemStringWindow_wcslen
                        • String ID:
                        • API String ID: 1823500076-0
                        • Opcode ID: 3c1e0179b5075f45df12b398ec391808b8d2f1e7a16a5d1bec5683dd9427006f
                        • Instruction ID: 4b9e656becebfc5f52f27a1d7ad2c07a58398098864d75d3a5ce1c02cc274359
                        • Opcode Fuzzy Hash: 3c1e0179b5075f45df12b398ec391808b8d2f1e7a16a5d1bec5683dd9427006f
                        • Instruction Fuzzy Hash: 174117715083019FD320EF25CC45BABB3E8BF88314F10492EF55997252D7B8E9458BA9
                        APIs
                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 0044890A
                        • SendMessageW.USER32(?,00000469,?,00000000), ref: 00448920
                        • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                        • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                        • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$Enable$Show$MessageMoveSend
                        • String ID:
                        • API String ID: 896007046-0
                        • Opcode ID: 440e8810410bf42a4c8e03fd117b8fd843bde7e89b0e2674ab81ad81c9f8ea0f
                        • Instruction ID: 0809a8548e22334437b8974569d6adfa08582830463fbdb99c3481629354d751
                        • Opcode Fuzzy Hash: 440e8810410bf42a4c8e03fd117b8fd843bde7e89b0e2674ab81ad81c9f8ea0f
                        • Instruction Fuzzy Hash: 63419E746043419FF7248B24C884B6FB7A1FB99305F18886EF98197391DA78A845CB59
                        APIs
                        • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0044140E
                        • GetWindowLongW.USER32(?,000000F0), ref: 00441452
                        • GetWindowLongW.USER32(?,000000F0), ref: 00441493
                        • SendMessageW.USER32(009D1B70,000000F1,00000000,00000000), ref: 004414C6
                        • SendMessageW.USER32(009D1B70,000000F1,00000001,00000000), ref: 004414F1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$LongWindow
                        • String ID:
                        • API String ID: 312131281-0
                        • Opcode ID: ed470013e842d905752aa6f8daaa5f1d8e955df317e7b96a507e5c494099af20
                        • Instruction ID: f6a862a32ccfd92e4f153a1965fa7dc80102ffdb8abe4b8a046001f82176c48d
                        • Opcode Fuzzy Hash: ed470013e842d905752aa6f8daaa5f1d8e955df317e7b96a507e5c494099af20
                        • Instruction Fuzzy Hash: 2F416A347442019FE720CF58DCC4F6A77A5FB8A754F24416AE5519B3B1CB75AC82CB48
                        APIs
                        • _memset.LIBCMT ref: 004484C4
                        • GetMenuItemInfoW.USER32(?,?,00000000,004A83D8), ref: 00448562
                        • IsMenu.USER32(?), ref: 0044857B
                        • InsertMenuItemW.USER32(?,?,00000001,004A83D8), ref: 004485D0
                        • DrawMenuBar.USER32 ref: 004485E4
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Menu$Item$DrawInfoInsert_memset
                        • String ID: 0
                        • API String ID: 3866635326-4108050209
                        • Opcode ID: 42a201a1e731261e29c9ff9b40de176b55a78da0b06957c9f64dc5096dc7767a
                        • Instruction ID: c1b4c65bd9dbf201e14e83578cc8030a3c247867dd5f1e451e409e2153a24926
                        • Opcode Fuzzy Hash: 42a201a1e731261e29c9ff9b40de176b55a78da0b06957c9f64dc5096dc7767a
                        • Instruction Fuzzy Hash: 9F417F75604341AFE710CF45C984B6BB7E4FB89304F14881EFA554B391DBB4E849CB5A
                        APIs
                        • InterlockedIncrement.KERNEL32 ref: 0047247C
                        • InterlockedDecrement.KERNEL32(004A7CAC), ref: 00472491
                        • Sleep.KERNEL32(0000000A), ref: 00472499
                        • InterlockedIncrement.KERNEL32(004A7CAC), ref: 004724A4
                        • InterlockedDecrement.KERNEL32(004A7CAC), ref: 00472599
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Interlocked$DecrementIncrement$Sleep
                        • String ID: 0vH
                        • API String ID: 327565842-3662162768
                        • Opcode ID: bfb173672284e31ba0a3017bb0c7d670cf276827bd066f711b3c3b49063f60eb
                        • Instruction ID: 7246262c18bb701d5349304b0e2d21290bf7c9637501dd5a114e6955e8e78370
                        • Opcode Fuzzy Hash: bfb173672284e31ba0a3017bb0c7d670cf276827bd066f711b3c3b49063f60eb
                        • Instruction Fuzzy Hash: 9631D2329082259BD710DF28DD41A8A77A5EB95324F05483EFD08FB251DB78EC498BED
                        APIs
                        • SendMessageW.USER32(?,00000401,?,00000000), ref: 00448B16
                        • GetFocus.USER32 ref: 00448B1C
                        • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                        • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                        • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$Enable$Show$FocusMessageSend
                        • String ID:
                        • API String ID: 3429747543-0
                        • Opcode ID: f5aca3f6d68f8169105ace43209457086b036621b25274999c7621d4cb9b91fc
                        • Instruction ID: 96ed947056310062a3fa6d2350adc65d304252fdbf70c479ab88671ed4e09c2c
                        • Opcode Fuzzy Hash: f5aca3f6d68f8169105ace43209457086b036621b25274999c7621d4cb9b91fc
                        • Instruction Fuzzy Hash: FC31B4706443819BF7248E14C8C4BAFB7D0EB95745F04492EF981A6291DBA89845C719
                        APIs
                        • LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042A9B0
                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                        • _memset.LIBCMT ref: 00401C62
                        • _wcsncpy.LIBCMT ref: 00401CA1
                        • _wcscpy.LIBCMT ref: 00401CBD
                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401CCF
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: IconLoadNotifyShell_String_memset_wcscpy_wcslen_wcsncpy
                        • String ID: Line:
                        • API String ID: 1620655955-1585850449
                        • Opcode ID: b1e388f5f21e32c190c1b7412400e6ffb6374e41c1d48bdcdb7aece10813d053
                        • Instruction ID: a4e7cf3abc31881c2b93aaae0beefbbd48c64772eea77d32b53e92a0700a02c6
                        • Opcode Fuzzy Hash: b1e388f5f21e32c190c1b7412400e6ffb6374e41c1d48bdcdb7aece10813d053
                        • Instruction Fuzzy Hash: 7431D47151C301ABD324EB11DC41BDB77E8AF94314F04493FF989521A1DB78AA49C79B
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 0045D32F
                        • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3B3
                        • __swprintf.LIBCMT ref: 0045D3CC
                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D416
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ErrorMode$InformationVolume__swprintf
                        • String ID: %lu$HH
                        • API String ID: 3164766367-3924996404
                        • Opcode ID: bd20e614eacc1ec6e7ce8a240dc663141bf9142d6fc10aee8c7bf862d4d2af0b
                        • Instruction ID: e4de0c6df68350460ad5232616e5185c9d799459bd1b640414cfcbd8d86849a8
                        • Opcode Fuzzy Hash: bd20e614eacc1ec6e7ce8a240dc663141bf9142d6fc10aee8c7bf862d4d2af0b
                        • Instruction Fuzzy Hash: 85314A716083019BC310EF55D941A5BB7E4FF88704F40892EFA4597292D774EA09CB9A
                        APIs
                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00450E24
                        • SendMessageW.USER32(00000000,00000409,00000000,FF000000), ref: 00450E35
                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00450E43
                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00450E54
                        • SendMessageW.USER32(00000000,00000404,00000001,00000000), ref: 00450E62
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend
                        • String ID: Msctls_Progress32
                        • API String ID: 3850602802-3636473452
                        • Opcode ID: 42656bfbb5a190feb894f1e63281698c22ff60bbec02a0e57f9bf8616b6fd2a5
                        • Instruction ID: b51c377fab27852337593a8f268aff884918310fa347e0537580fa9f3b853d23
                        • Opcode Fuzzy Hash: 42656bfbb5a190feb894f1e63281698c22ff60bbec02a0e57f9bf8616b6fd2a5
                        • Instruction Fuzzy Hash: 2C2121712543007AE7209A65DC42F5BB3E9AFD8B24F214A0EF754B72D1C6B4F8418B58
                        APIs
                        • ___set_flsgetvalue.LIBCMT ref: 00415737
                        • __calloc_crt.LIBCMT ref: 00415743
                        • __getptd.LIBCMT ref: 00415750
                        • CreateThread.KERNEL32(00000000,?,0041568B,00000000,00000004,00000000), ref: 00415776
                        • ResumeThread.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 00415786
                        • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 00415791
                        • __dosmaperr.LIBCMT ref: 004157A9
                          • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                          • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Thread$CreateErrorLastResume___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
                        • String ID:
                        • API String ID: 1269668773-0
                        • Opcode ID: 0d7b65c6ab38dbefdfd62d93c8bf275ac45e934a4136d591895be9c5171332a1
                        • Instruction ID: 083f1b3d72dc2b4e3073d7627409da2efaae6cca9fbdfa2eb2c15b7cb2a145f7
                        • Opcode Fuzzy Hash: 0d7b65c6ab38dbefdfd62d93c8bf275ac45e934a4136d591895be9c5171332a1
                        • Instruction Fuzzy Hash: 4511E672501604EFC720AF76DC868DF7BA4EF80334F21412FF525922D1DB788981966D
                        APIs
                          • Part of subcall function 00438FE4: GetProcessHeap.KERNEL32(00000008,0000000C,0043910A,00000000,00000000,00000000,0044646E,?,?,?), ref: 00438FE8
                          • Part of subcall function 00438FE4: HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00438FEF
                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,00000000,00000000,00000000,0044646E,?,?,?), ref: 00439119
                        • GetCurrentProcess.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439123
                        • DuplicateHandle.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 0043912C
                        • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00439138
                        • GetCurrentProcess.KERNEL32(?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00439142
                        • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00439145
                        • CreateThread.KERNEL32(00000000,00000000,004390C2,00000000,00000000,00000000), ref: 0043915E
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                        • String ID:
                        • API String ID: 1957940570-0
                        • Opcode ID: ae016cd78919e3da0d3d218cc031d8d4f693afb8d34ff927aa47fd3b6f506194
                        • Instruction ID: b388a4287fabc35bf2088fa38ebc9459a42e34e8a642192e1b63b89709cb9be3
                        • Opcode Fuzzy Hash: ae016cd78919e3da0d3d218cc031d8d4f693afb8d34ff927aa47fd3b6f506194
                        • Instruction Fuzzy Hash: 3BF0CD753413007BD220EB65DC86F5BB7A8EBC9B10F118919F6049B1D1C6B4A800CB65
                        APIs
                        • ___set_flsgetvalue.LIBCMT ref: 00415690
                          • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                          • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                          • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                        • ___fls_getvalue@4.LIBCMT ref: 0041569B
                          • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                        • ___fls_setvalue@8.LIBCMT ref: 004156AD
                          • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 004156B6
                        • ExitThread.KERNEL32 ref: 004156BD
                        • __freefls@4.LIBCMT ref: 004156D9
                        • __IsNonwritableInCurrentImage.LIBCMT ref: 004156EC
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Value$__decode_pointer$CurrentErrorExitImageLastNonwritableThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                        • String ID:
                        • API String ID: 4166825349-0
                        • Opcode ID: 185d0aae8fe32bab84a079219336c355dd614541d1aff55515eff8c05f91681e
                        • Instruction ID: 1015f584654e325efa3cacb901eba7c9ae2b5aefa54885f90b4e6d99173acdac
                        • Opcode Fuzzy Hash: 185d0aae8fe32bab84a079219336c355dd614541d1aff55515eff8c05f91681e
                        • Instruction Fuzzy Hash: 14F049745007009BD704BF72DD159DE7B69AF85345761C85FB80897222DA3DC9C1CB9C
                        APIs
                        • LoadLibraryA.KERNEL32(advapi32.dll,p#D,0043415E,p#D,?,00442370,?), ref: 00434134
                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00434146
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: AddressLibraryLoadProc
                        • String ID: RegDeleteKeyExW$advapi32.dll$p#D$p#D
                        • API String ID: 2574300362-3261711971
                        • Opcode ID: 3da92f374f37a9fa7395fa6ef73d3af1d379715eec5b41da1672ebd70bf57acc
                        • Instruction ID: cb82693085896f9455b4638215a98dd7e3cb824177552166877179ce6000b7c2
                        • Opcode Fuzzy Hash: 3da92f374f37a9fa7395fa6ef73d3af1d379715eec5b41da1672ebd70bf57acc
                        • Instruction Fuzzy Hash: D8D05EB0400B039FCB105F24D8086AB76F4EB68700F208C2EF989A3750C7B8E8C0CB68
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: c82efa3070467c2623ec738b5b2be2cd760763614a3dd1863134219050ad48d5
                        • Instruction ID: be39947db1ffbcb7075193c31d102fc15fe4f6af8d23ce90efbce3d2b6a77a88
                        • Opcode Fuzzy Hash: c82efa3070467c2623ec738b5b2be2cd760763614a3dd1863134219050ad48d5
                        • Instruction Fuzzy Hash: 4BF16D71108740AFD210DB59C880EABB7F9EFCA744F10891EF69983261D735AC45CBAA
                        APIs
                        • GetClientRect.USER32(?,?), ref: 00433724
                        • GetWindowRect.USER32(00000000,?), ref: 00433757
                        • GetClientRect.USER32(0000001D,?), ref: 004337AC
                        • GetSystemMetrics.USER32(0000000F), ref: 00433800
                        • GetWindowRect.USER32(?,?), ref: 00433814
                        • ScreenToClient.USER32(?,?), ref: 00433842
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Rect$Client$Window$MetricsScreenSystem
                        • String ID:
                        • API String ID: 3220332590-0
                        • Opcode ID: 3d0204db3781b081fd3de6a8efec2d06c6e501bf89adf1cf9fb69463b8de8f3e
                        • Instruction ID: 40e56d112be44df416332e5c874318f33691c6b0c201ea6c9f9086adb5117cf0
                        • Opcode Fuzzy Hash: 3d0204db3781b081fd3de6a8efec2d06c6e501bf89adf1cf9fb69463b8de8f3e
                        • Instruction Fuzzy Hash: E9A126B42147028AC324CF68C5847ABBBF1FF98715F04991EE9D983360E775E908CB5A
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _malloc_wcslen$_strcat_wcscpy
                        • String ID:
                        • API String ID: 1612042205-0
                        • Opcode ID: b8a3413a850b3e9d022a14bc02158d0a95917de16b2476bc53e0af5cb97ab780
                        • Instruction ID: 39b6431fb86a1cae222df6ecce28f21653e085caad8de22f1e35678e4483a9b6
                        • Opcode Fuzzy Hash: b8a3413a850b3e9d022a14bc02158d0a95917de16b2476bc53e0af5cb97ab780
                        • Instruction Fuzzy Hash: CD613B70504202EFCB10EF29D58096AB3E5FF48305B50496EF8859B306D738EE59DB9A
                        APIs
                        • GetKeyboardState.USER32(?,?,00000001,00000001,?,00000000), ref: 0044C588
                        • SetKeyboardState.USER32(00000080), ref: 0044C59B
                        • PostMessageW.USER32(?,00000104,?,?), ref: 0044C5EC
                        • PostMessageW.USER32(?,00000100,?,?), ref: 0044C610
                        • PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C637
                        • SendInput.USER32 ref: 0044C6E2
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessagePost$KeyboardState$InputSend
                        • String ID:
                        • API String ID: 2221674350-0
                        • Opcode ID: 061e63fcf1402e721e52ee56d2f22f81c2cbe03cfd8f861d8ff00d299370d474
                        • Instruction ID: 3a634557d1668dba9f4fbb3ffee1259adddcddb7f3fce46f2ce6721246940f3b
                        • Opcode Fuzzy Hash: 061e63fcf1402e721e52ee56d2f22f81c2cbe03cfd8f861d8ff00d299370d474
                        • Instruction Fuzzy Hash: A24148725053486AF760EF209C80BFFBB98EF95324F04151FFDC412281D66E984987BA
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _wcscpy$_wcscat
                        • String ID:
                        • API String ID: 2037614760-0
                        • Opcode ID: 43efba16cd806b31402fe34b2becc3a5af32a5b4a383a164d4ea5773e04486ac
                        • Instruction ID: 871aa96d6b0d5f43eceffdadd72b032f7becd6ba50fbda5e2bca5dd503650597
                        • Opcode Fuzzy Hash: 43efba16cd806b31402fe34b2becc3a5af32a5b4a383a164d4ea5773e04486ac
                        • Instruction Fuzzy Hash: 7D41BD31901A256BDE317F55D880BBB7358DFA1314F84006FF98247313EA6E5892C6BE
                        APIs
                        • BeginPaint.USER32(00000000,?,004A83D8,?), ref: 00447B9D
                        • GetWindowRect.USER32(?,?), ref: 00447C1B
                        • ScreenToClient.USER32(?,?), ref: 00447C39
                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C4C
                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447C93
                        • EndPaint.USER32(?,?), ref: 00447CD1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Paint$BeginClientRectRectangleScreenViewportWindow
                        • String ID:
                        • API String ID: 4189319755-0
                        • Opcode ID: 37bca05dc5f282a43c1c57c3b808f61ec058395b4d713bcb6da44fc2610780a1
                        • Instruction ID: de699fe3e67e71f806f86ee7feca1bcffcb0489daa19151882f3061068cc4b26
                        • Opcode Fuzzy Hash: 37bca05dc5f282a43c1c57c3b808f61ec058395b4d713bcb6da44fc2610780a1
                        • Instruction Fuzzy Hash: D14182705043019FE320DF15C8C8F7B7BA8EB89724F04466EF9548B391DB74A846CB69
                        APIs
                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B490
                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                        • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4C2
                        • EnterCriticalSection.KERNEL32(00000000), ref: 0044B4E3
                        • LeaveCriticalSection.KERNEL32(00000000), ref: 0044B5A0
                        • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B5BB
                          • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                          • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                          • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5D1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CriticalExchangeFileInterlockedReadSection$EnterException@8LeaveThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                        • String ID:
                        • API String ID: 1726766782-0
                        • Opcode ID: d1f4c8b32701f3515452156a35d83f93081eba70680028f938022ee8972e20b1
                        • Instruction ID: bf52b5dc2e344941501510e432fc863898df75637e45487ca8cd05157db66b41
                        • Opcode Fuzzy Hash: d1f4c8b32701f3515452156a35d83f93081eba70680028f938022ee8972e20b1
                        • Instruction Fuzzy Hash: 09415C75104701AFD320EF26D845EABB3F8EF88708F008E2DF59A92650D774E945CB6A
                        APIs
                        • ShowWindow.USER32(?,00000000,?,?,?,?,00448962,004A83D8,?,?), ref: 004410F9
                        • EnableWindow.USER32(?,00000000), ref: 0044111A
                        • ShowWindow.USER32(?,00000000,?,?,?,?,00448962,004A83D8,?,?), ref: 00441183
                        • ShowWindow.USER32(?,00000004,?,?,?,00448962,004A83D8,?,?), ref: 00441192
                        • EnableWindow.USER32(?,00000001), ref: 004411B3
                        • SendMessageW.USER32(?,0000130C,?,00000000), ref: 004411D5
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$Show$Enable$MessageSend
                        • String ID:
                        • API String ID: 642888154-0
                        • Opcode ID: c853c7407bbaf9010c68549c691492fdcd401e5b0cb22aeb5446aebbed6f20c9
                        • Instruction ID: 824eeaafe1f931a994963cd163acc5b0ce47b26168a6fd4ee38d593e4569daee
                        • Opcode Fuzzy Hash: c853c7407bbaf9010c68549c691492fdcd401e5b0cb22aeb5446aebbed6f20c9
                        • Instruction Fuzzy Hash: 14417770604245DFE725CF14C984FA6B7E5BF89300F1886AEE6859B3B2CB74A881CB55
                        APIs
                        • SendMessageW.USER32(00000000,00001024,00000000,?), ref: 004490E3
                        • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004490F8
                        • SendMessageW.USER32(00000000,0000111E,00000000,?), ref: 0044910D
                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00449124
                        • GetWindowLongW.USER32(00000000,000000F0), ref: 0044912F
                        • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 0044913C
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$LongWindow$InvalidateRect
                        • String ID:
                        • API String ID: 1976402638-0
                        • Opcode ID: 2b574cf222373ea94a5f8b1e2da5d15417ee742d7ff148607d59a4e94613559a
                        • Instruction ID: 8b80d2acd15126bdfc8b54909556444574c0e56a9806921f1e0b477f33817628
                        • Opcode Fuzzy Hash: 2b574cf222373ea94a5f8b1e2da5d15417ee742d7ff148607d59a4e94613559a
                        • Instruction Fuzzy Hash: F231B476244202AFF224DF04DC89FBBB7A9F785321F14492EF291973D0CA75AC469729
                        APIs
                        • GetForegroundWindow.USER32 ref: 00442597
                          • Part of subcall function 004344B7: GetWindowRect.USER32(?,?), ref: 004344D3
                        • GetDesktopWindow.USER32 ref: 004425BF
                        • GetWindowRect.USER32(00000000), ref: 004425C6
                        • mouse_event.USER32(00008001,?,?,?,?), ref: 004425F5
                          • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                        • GetCursorPos.USER32(?), ref: 00442624
                        • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00442690
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                        • String ID:
                        • API String ID: 4137160315-0
                        • Opcode ID: 9bf1d5af4d3523281d87c855d40d0150606dc562a9e0308dc2a2f88b36285eae
                        • Instruction ID: 1581b522c3ee05a339ffa1fd07f9e8cd23967deed6539873686ea33d82c69dd2
                        • Opcode Fuzzy Hash: 9bf1d5af4d3523281d87c855d40d0150606dc562a9e0308dc2a2f88b36285eae
                        • Instruction Fuzzy Hash: 7C31C1B2104306ABD310DF54CD85E6BB7E9FB98304F004A2EF94597281E675E9058BA6
                        APIs
                        • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044886C
                        • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                        • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                        • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$Enable$Show$MessageSend
                        • String ID:
                        • API String ID: 1871949834-0
                        • Opcode ID: 703f0702a5e3ae6889c0b2c4cbd553a5347372704319c0c884d711360b5070ea
                        • Instruction ID: fbfed122d4da650e42f877d7e8bff2bfe9b33138fa51555fe8345b8bcc16d821
                        • Opcode Fuzzy Hash: 703f0702a5e3ae6889c0b2c4cbd553a5347372704319c0c884d711360b5070ea
                        • Instruction Fuzzy Hash: A731F3B07443819BF7248E14C8C4BAFB7D0AB95345F08482EF981A63D1DBAC9846872A
                        APIs
                        • _memset.LIBCMT ref: 0044961A
                        • SendMessageW.USER32 ref: 0044964A
                          • Part of subcall function 00433A98: _wcspbrk.LIBCMT ref: 00433AAC
                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 004496AC
                        • _wcslen.LIBCMT ref: 004496BA
                        • _wcslen.LIBCMT ref: 004496C7
                        • SendMessageW.USER32(?,00001074,?,?), ref: 004496FD
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$_wcslen$_memset_wcspbrk
                        • String ID:
                        • API String ID: 1624073603-0
                        • Opcode ID: 3158986b153f08837b9b71a8f77f3cc169978b1c24ba43a32ffefb24081b9654
                        • Instruction ID: 7e49a266cf7116299f7bc8659d1ce07b00adedb8b3f1b428e1954e4b11147a1e
                        • Opcode Fuzzy Hash: 3158986b153f08837b9b71a8f77f3cc169978b1c24ba43a32ffefb24081b9654
                        • Instruction Fuzzy Hash: B631CA71508300AAE720DF15DC81BEBB7D4EBD4720F504A1FFA54862D0EBBAD945C7A6
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 8dc28afdcb3e23db499faf1906c1cec9916ddd90de084288035f36419de8ba35
                        • Instruction ID: 0263b137e1f68684b0dae4bb7f633391a2f723f0f4072b7ce39308acd6c8c458
                        • Opcode Fuzzy Hash: 8dc28afdcb3e23db499faf1906c1cec9916ddd90de084288035f36419de8ba35
                        • Instruction Fuzzy Hash: 31219272245110ABE7108B68DCC4B6F7798EB96374F240A3AF512C61E1EA7998C1C769
                        APIs
                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004555AD
                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                        • DeleteObject.GDI32(?), ref: 0045564E
                        • DeleteObject.GDI32(?), ref: 0045565C
                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: DestroyWindow$DeleteObject$IconMove
                        • String ID:
                        • API String ID: 1640429340-0
                        • Opcode ID: da39536b61dc90218e8938c0c8165bcff49a91d8f884d8405ba8ed69dafdd4fa
                        • Instruction ID: 2ee25f48dcb0ad8048bc4d9c922f6cac320a9d705fdb810e808868a6102f62dc
                        • Opcode Fuzzy Hash: da39536b61dc90218e8938c0c8165bcff49a91d8f884d8405ba8ed69dafdd4fa
                        • Instruction Fuzzy Hash: 05312770200A419FD724DF24C998B3A73F9FB44312F4485AAE945CB266E778EC49CB69
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Destroy$DeleteMenuObject$IconWindow
                        • String ID:
                        • API String ID: 752480666-0
                        • Opcode ID: e2db828b4da75c1988a3618645d7ad87c2567147b1e4a2a373431826dce2281b
                        • Instruction ID: bf467a0aa8f060071afd9cdae546a2eb92d9c059e8a57ac1e588bb5f3fc3a395
                        • Opcode Fuzzy Hash: e2db828b4da75c1988a3618645d7ad87c2567147b1e4a2a373431826dce2281b
                        • Instruction Fuzzy Hash: 26215E30200A019FC724DF24D5E8B7AB7A9FB44312F50855EED498B392CB39EC89CB59
                        APIs
                        • DestroyWindow.USER32(00000000), ref: 0045527A
                        • ImageList_Destroy.COMCTL32(?), ref: 0045528C
                        • DeleteObject.GDI32(?), ref: 0045564E
                        • DeleteObject.GDI32(?), ref: 0045565C
                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Destroy$DeleteObjectWindow$IconImageList_
                        • String ID:
                        • API String ID: 3275902921-0
                        • Opcode ID: 9ca718b8a23ef3076e20a4bf5a66fd8e296fb8dfd37af4e8726ba93a3cadf818
                        • Instruction ID: c357af2a313eda44c34a26cb015c973203dd8f66e4d80e74dc1abfaeb9ce60f9
                        • Opcode Fuzzy Hash: 9ca718b8a23ef3076e20a4bf5a66fd8e296fb8dfd37af4e8726ba93a3cadf818
                        • Instruction Fuzzy Hash: 2D217E70604A019BC714DF79D99466AB7A5BF44311F40856EF919CB342DB38E849CF68
                        APIs
                        • GetCurrentProcess.KERNEL32(0000000A,?,?,?,?,?,00446540,?,?,?,?,?,?,?,?,?), ref: 0043935D
                        • OpenProcessToken.ADVAPI32(00000000,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439364
                        • CreateEnvironmentBlock.USERENV(?,?,00000001,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439376
                        • CloseHandle.KERNEL32(?,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 00439383
                        • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,?,?,?,?), ref: 004393C0
                        • DestroyEnvironmentBlock.USERENV(?,?,00000000,00464227,00000000,?,?,?,?,?,?,?,?), ref: 004393D4
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                        • String ID:
                        • API String ID: 1413079979-0
                        • Opcode ID: 1d720b0393062126ad9b64f1bf0a3b497d62ac8a089cd0237a290436ac7c4432
                        • Instruction ID: 8c652321442b38080740e7d333ba663a52d3460857ef2618669649d87ea194c0
                        • Opcode Fuzzy Hash: 1d720b0393062126ad9b64f1bf0a3b497d62ac8a089cd0237a290436ac7c4432
                        • Instruction Fuzzy Hash: 7B2150B2208300ABD314CB65D854EABB7EDEBCD754F084E1DF989A3250C7B4E901CB25
                        APIs
                        • ___set_flsgetvalue.LIBCMT ref: 0041418F
                        • __calloc_crt.LIBCMT ref: 0041419B
                        • __getptd.LIBCMT ref: 004141A8
                        • CreateThread.KERNEL32(?,?,004140DB,00000000,?,?), ref: 004141DF
                        • GetLastError.KERNEL32(?,?,?,?,?,?,00000000), ref: 004141E9
                        • __dosmaperr.LIBCMT ref: 00414201
                          • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                          • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd__getptd_noexit
                        • String ID:
                        • API String ID: 1803633139-0
                        • Opcode ID: 375e199de8660ccece12c72eed21f404e356b520747db73c6127e63f80a42fd2
                        • Instruction ID: ec3febacf030228bba34671a5a373aa86179f0c9a00f1e1343e4adce14cbcb36
                        • Opcode Fuzzy Hash: 375e199de8660ccece12c72eed21f404e356b520747db73c6127e63f80a42fd2
                        • Instruction Fuzzy Hash: 1311DD72504209BFCB10AFA5DC828DF7BA8EF44368B20446EF50193151EB39C9C18A68
                        APIs
                        • ImageList_Destroy.COMCTL32(?), ref: 004555E8
                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                        • DeleteObject.GDI32(?), ref: 0045564E
                        • DeleteObject.GDI32(?), ref: 0045565C
                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Destroy$DeleteObjectWindow$IconImageList_
                        • String ID:
                        • API String ID: 3275902921-0
                        • Opcode ID: 9bb8e3ba902fb320eab333f0308ec6d2a7ed81620e332b79689394e938adb37d
                        • Instruction ID: 9e206caaed87a4944845468030bda76e3f946505fe2e652cce1cc100bc4c7c20
                        • Opcode Fuzzy Hash: 9bb8e3ba902fb320eab333f0308ec6d2a7ed81620e332b79689394e938adb37d
                        • Instruction Fuzzy Hash: BE2141702006409FCB25DF25C994A2B77A9FF44312F80856EED49CB352DB39EC4ACB59
                        APIs
                        • SendMessageW.USER32 ref: 004554DF
                        • SendMessageW.USER32(?,00001008,00000000,00000000), ref: 004554FA
                        • DeleteObject.GDI32(?), ref: 0045564E
                        • DeleteObject.GDI32(?), ref: 0045565C
                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: DeleteDestroyMessageObjectSend$IconWindow
                        • String ID:
                        • API String ID: 3691411573-0
                        • Opcode ID: 72621546fc85f43182a2d7aa0f69f9d8a5c0b98b4bf428e1f87a25fd8cd6fa89
                        • Instruction ID: 46bf5c356378f1810468ef4d8dfe2f1c399e91f4bdd480ef4a2643e810f8fbb4
                        • Opcode Fuzzy Hash: 72621546fc85f43182a2d7aa0f69f9d8a5c0b98b4bf428e1f87a25fd8cd6fa89
                        • Instruction Fuzzy Hash: 8B1108713047419BC710DF68DDC8B2A77A8BB14322F400A6AFD14DB2D2D778DC498769
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _wcslen$_wcstok$ExtentPoint32Text
                        • String ID:
                        • API String ID: 1814673581-0
                        • Opcode ID: cf50433860b5c5ee623566781d9083cc0ce59c581d7d4fe1355e753f7016059c
                        • Instruction ID: 25d714350c6a951fb861184d208c8546153e966ae5ec0a2422e5c8358eb53325
                        • Opcode Fuzzy Hash: cf50433860b5c5ee623566781d9083cc0ce59c581d7d4fe1355e753f7016059c
                        • Instruction Fuzzy Hash: F60125B19053126BC6209F95DC42B5BB7E8EF45760F11842AFD04E3340D7F8E84483EA
                        APIs
                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362A7
                        • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362B2
                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362BA
                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 004362C5
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: PerformanceQuery$CounterSleep$Frequency
                        • String ID:
                        • API String ID: 2833360925-0
                        • Opcode ID: ce9720f61a9ee9538873cf1403cb39b7711a51cb3deac7b7aa4b9b4cf2db8b86
                        • Instruction ID: c21ea81f2c38402705b15ef58ab4919efdb6e4f3ef0ac894e378511a69de5cf2
                        • Opcode Fuzzy Hash: ce9720f61a9ee9538873cf1403cb39b7711a51cb3deac7b7aa4b9b4cf2db8b86
                        • Instruction Fuzzy Hash: C411D031909306ABC700EF19DA8499FB7E4FFCCB11F828D2DF98592210D734C9498B96
                        APIs
                          • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                          • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                          • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                        • MoveToEx.GDI32(?,?,?,00000000), ref: 0044721F
                        • LineTo.GDI32(?,?,?), ref: 00447227
                        • MoveToEx.GDI32(?,?,?,00000000), ref: 00447235
                        • LineTo.GDI32(?,?,?), ref: 0044723D
                        • EndPath.GDI32(?), ref: 0044724E
                        • StrokePath.GDI32(?), ref: 0044725C
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
                        • String ID:
                        • API String ID: 372113273-0
                        • Opcode ID: 902a14e142be2de25a3bb197ce65ea465fb84dbb313772e519df98722d37df37
                        • Instruction ID: cf4011081099dc8586e946db52605055ec0608de7db987eb6b7af15cf0be2a5d
                        • Opcode Fuzzy Hash: 902a14e142be2de25a3bb197ce65ea465fb84dbb313772e519df98722d37df37
                        • Instruction Fuzzy Hash: B7018F36105264BBE2119750EC4AF9FBBACEF8A710F14451DF70156191C7F42A0587BD
                        APIs
                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 0041098F
                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 00410997
                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 004109A2
                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 004109AD
                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 004109B5
                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 004109BD
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Virtual
                        • String ID:
                        • API String ID: 4278518827-0
                        • Opcode ID: 067efc0be0420d5e011611900d1cbcbd564411b72165316cb005851f0732894c
                        • Instruction ID: 14dd698fb88c41d3cb2937c08abaa7ad6cdafd80764dd657d9f2199fb51feb0a
                        • Opcode Fuzzy Hash: 067efc0be0420d5e011611900d1cbcbd564411b72165316cb005851f0732894c
                        • Instruction Fuzzy Hash: 52112A6118ABC4ADD3329F694854A87FFE45FB6304F484A8ED1D607A43C195A60CCBBA
                        APIs
                        • GetDC.USER32(00000000), ref: 0044CBEF
                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC00
                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC09
                        • ReleaseDC.USER32(00000000,00000000), ref: 0044CC10
                        • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CC29
                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0044CC37
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CapsDevice$Release
                        • String ID:
                        • API String ID: 1035833867-0
                        • Opcode ID: ae25b50e6df40ac1760f249dbc4ceec79d7598f555d49c24eefaf783d5b8ff63
                        • Instruction ID: 50bf861fd692b93b916a63282857a41227f0dfa19545bc4f0a59f576ae553c11
                        • Opcode Fuzzy Hash: ae25b50e6df40ac1760f249dbc4ceec79d7598f555d49c24eefaf783d5b8ff63
                        • Instruction Fuzzy Hash: 560184B1641314BFF6009BA1DC4AF1BBB9CEF55755F01842EFF44A7241D6B098008BA9
                        APIs
                        • InterlockedExchange.KERNEL32(0042A369,057401F8), ref: 0044B66E
                        • EnterCriticalSection.KERNEL32(0042A321), ref: 0044B67B
                        • TerminateThread.KERNEL32(?,000001F6), ref: 0044B689
                        • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B697
                          • Part of subcall function 004356CD: CloseHandle.KERNEL32(00000000,0042A365,0044B6A3,0042A365,?,000003E8,?,000001F6), ref: 004356D9
                        • InterlockedExchange.KERNEL32(0042A369,000001F6), ref: 0044B6AC
                        • LeaveCriticalSection.KERNEL32(0042A321), ref: 0044B6AF
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                        • String ID:
                        • API String ID: 3495660284-0
                        • Opcode ID: 7ab0c325316775d38e8d9aa2ca09049d0c02a968ddf60f226b23d446a35990e5
                        • Instruction ID: 3e278a896620ffa5fdfd5bcc44ba61fc9bc9ab212b345b13b81bb6ec37c91fca
                        • Opcode Fuzzy Hash: 7ab0c325316775d38e8d9aa2ca09049d0c02a968ddf60f226b23d446a35990e5
                        • Instruction Fuzzy Hash: E3F0F672141206BBD210AB24EE89DBFB37CFF44315F41096AF60142550CB75F811CBBA
                        APIs
                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00437127
                        • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00437140
                        • GetWindowThreadProcessId.USER32(?,?), ref: 00437150
                        • OpenProcess.KERNEL32(001F0FFF,00000000,?), ref: 00437162
                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 0043716D
                        • CloseHandle.KERNEL32(00000000), ref: 00437174
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                        • String ID:
                        • API String ID: 839392675-0
                        • Opcode ID: 9671eea5464782d863345c1ba519a7d6af1158a8c6613e6f42f5b6706bbe0782
                        • Instruction ID: 38550948ec006cf47bed7574f40cc63f5aae242ba43c895826076912260f23cd
                        • Opcode Fuzzy Hash: 9671eea5464782d863345c1ba519a7d6af1158a8c6613e6f42f5b6706bbe0782
                        • Instruction Fuzzy Hash: 37F054352813117BE6215B109E4EFEF37A8AF49F02F104828FB41B51D0E7E469458BAE
                        APIs
                        • OpenSCManagerW.ADVAPI32(00000000,00000000,00000008,004A8E80,BC000000,00431B28,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,00000004), ref: 00436055
                        • LockServiceDatabase.ADVAPI32(00000000), ref: 00436062
                        • UnlockServiceDatabase.ADVAPI32(00000000), ref: 0043606D
                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00436076
                        • GetLastError.KERNEL32 ref: 00436081
                        • CloseServiceHandle.ADVAPI32(00000000), ref: 00436091
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Service$CloseDatabaseHandle$ErrorLastLockManagerOpenUnlock
                        • String ID:
                        • API String ID: 1690418490-0
                        • Opcode ID: 49e5e78db470eb3b31ed20f2670ed0ea18d225c835d46e40371f5509899a8be7
                        • Instruction ID: 156e5f382d75df54ba3c5c30185d6bb62b1a9e6e0194ec4ef6b9e4a62dbea0b3
                        • Opcode Fuzzy Hash: 49e5e78db470eb3b31ed20f2670ed0ea18d225c835d46e40371f5509899a8be7
                        • Instruction Fuzzy Hash: 9BE0E5319821216BC6231B30AE4DBCF3B99DB1F311F041827F701D2250CB998404DBA8
                        APIs
                          • Part of subcall function 00442C52: _wcslen.LIBCMT ref: 00442C82
                        • CoInitialize.OLE32(00000000), ref: 00475B71
                        • CoCreateInstance.OLE32(00482A50,00000000,00000001,004828B0,?), ref: 00475B8A
                        • CoUninitialize.OLE32 ref: 00475D71
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                        • String ID: .lnk$HH
                        • API String ID: 886957087-3121654589
                        • Opcode ID: 75a96ccae25093af7e6917375c938c281093df7f6cda4de25b1c017a61ab28fd
                        • Instruction ID: f4d7caca580305710a2a5ca379fd8543151c5613ecc12b631d1ff665410dc3a0
                        • Opcode Fuzzy Hash: 75a96ccae25093af7e6917375c938c281093df7f6cda4de25b1c017a61ab28fd
                        • Instruction Fuzzy Hash: B0819D75604300AFD310EF65CC82F5AB3A9EF88704F50892DF658AF2D2D6B5E905CB99
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Menu$Delete$InfoItem_memset
                        • String ID: 0
                        • API String ID: 1173514356-4108050209
                        • Opcode ID: e31d5a25326cfad936127cde49464cb56a2d17833d4ec3f4ad79405d5b41ed43
                        • Instruction ID: b3a4179b3c174fb1a3aa0d908437eb3f68f1f523a6631853a4ee88e897a1c7ed
                        • Opcode Fuzzy Hash: e31d5a25326cfad936127cde49464cb56a2d17833d4ec3f4ad79405d5b41ed43
                        • Instruction Fuzzy Hash: 31418CB55043019BD710CF19C884B5BBBE5AFC5324F148A6EFCA49B282C375E809CBA6
                        APIs
                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00469368
                        • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00469379
                        • SendMessageW.USER32(?,?,00000000,00000000), ref: 004693AB
                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$_wcslen
                        • String ID: ComboBox$ListBox
                        • API String ID: 763830540-1403004172
                        • Opcode ID: 7f2c4204b424c93c7ac22b89fbd31dfb367e10b18f94ca1fc21d6a87b04bc3c1
                        • Instruction ID: 8c71ebf423f389569590ff88e643f185c263fd61562863516bde62979c95be4e
                        • Opcode Fuzzy Hash: 7f2c4204b424c93c7ac22b89fbd31dfb367e10b18f94ca1fc21d6a87b04bc3c1
                        • Instruction Fuzzy Hash: E0210C7160020067C210BB3A9C46FAF77989B85364F09052FF959AB3D1EA7CE94A436E
                        APIs
                        • GetStdHandle.KERNEL32(?), ref: 004439B4
                          • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(0000002C,00000000,00000000,00000002,75922EE0,00000000,004437E2,?,0000002C,00000000,?,?,?), ref: 004356BD
                          • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(?,00000000,?,?,?), ref: 004356C1
                          • Part of subcall function 0043569D: DuplicateHandle.KERNEL32(00000000,?,?,?), ref: 004356C4
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CurrentHandleProcess$Duplicate
                        • String ID: nul
                        • API String ID: 2124370227-2873401336
                        • Opcode ID: 1f0ba76bcec97c73efa3faab39b1dec00fe260a428cb25b20c1b65e4e3d5eb1c
                        • Instruction ID: e5202fea31d744cc2812a948a395a4146b23d8233fafbd02014e3d546f800e0b
                        • Opcode Fuzzy Hash: 1f0ba76bcec97c73efa3faab39b1dec00fe260a428cb25b20c1b65e4e3d5eb1c
                        • Instruction Fuzzy Hash: 8921A070104301ABE320DF28D886B9B77E4AF94B24F504E1EF9D4972D1E3B5DA54CBA6
                        APIs
                        • GetStdHandle.KERNEL32(000000F6), ref: 004438B7
                          • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(0000002C,00000000,00000000,00000002,75922EE0,00000000,004437E2,?,0000002C,00000000,?,?,?), ref: 004356BD
                          • Part of subcall function 0043569D: GetCurrentProcess.KERNEL32(?,00000000,?,?,?), ref: 004356C1
                          • Part of subcall function 0043569D: DuplicateHandle.KERNEL32(00000000,?,?,?), ref: 004356C4
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CurrentHandleProcess$Duplicate
                        • String ID: nul
                        • API String ID: 2124370227-2873401336
                        • Opcode ID: 1c1504a6ed80816e8cc684f5e798812a6452e5ed6eae5ac994518d836d8835bd
                        • Instruction ID: 183321404fa0000a7fb955016a75d3ae5bd0bbc3c7f5d4043dd6f74a8503dfc6
                        • Opcode Fuzzy Hash: 1c1504a6ed80816e8cc684f5e798812a6452e5ed6eae5ac994518d836d8835bd
                        • Instruction Fuzzy Hash: 4E2182701002019BE210DF28DC45F9BB7E4AF54B34F204A1EF9E4962D0E7759654CB56
                        APIs
                        • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00441333
                        • LoadLibraryW.KERNEL32(?,?,?,?,0047B4D0,?,?,?,?,?,?,?,?,?,00000000), ref: 0044133A
                        • SendMessageW.USER32(?,00000467,00000000,?), ref: 00441352
                        • DestroyWindow.USER32(00000000,?,00000467,00000000,?,?,?,?,0047B4D0,?,?,?,?,?,?), ref: 0044135B
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$DestroyLibraryLoadWindow
                        • String ID: SysAnimate32
                        • API String ID: 3529120543-1011021900
                        • Opcode ID: 7eb070968e116bc4f0d30e0eba70c7f8d943bdaa5f5f9b6b4db71aa758301bcd
                        • Instruction ID: 28effd0bdeb99d0e0a50349a2d6ccdc4655b9339127a2247ff1827a793b197f6
                        • Opcode Fuzzy Hash: 7eb070968e116bc4f0d30e0eba70c7f8d943bdaa5f5f9b6b4db71aa758301bcd
                        • Instruction Fuzzy Hash: D0216271204301ABF7209AA5DC84F6B73ECEBD9724F104A1EF651D72E0D6B4DC818729
                        APIs
                        • PeekMessageW.USER32(00000000,00000000,00000000,00000000,00000001), ref: 0044304E
                        • TranslateMessage.USER32(?), ref: 0044308B
                        • DispatchMessageW.USER32(?), ref: 00443096
                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 004430AD
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Message$Peek$DispatchTranslate
                        • String ID: *.*
                        • API String ID: 1795658109-438819550
                        • Opcode ID: a5394e60fa5dc12563cec3cf09e66162f870e5be06c650d2d1f2ad27f88770fd
                        • Instruction ID: a39ada88e739a490af96418dc0f35d82e94fc94c1e76e22fe960a83301852fb1
                        • Opcode Fuzzy Hash: a5394e60fa5dc12563cec3cf09e66162f870e5be06c650d2d1f2ad27f88770fd
                        • Instruction Fuzzy Hash: 9F2138715183419EF720DF289C80FA3B7949B60B05F008ABFF66492191E6B99608C76E
                        APIs
                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                          • Part of subcall function 004389A1: SendMessageTimeoutW.USER32(00000001,00000000,00000000,00000000,00000002,00001388,004848E8), ref: 004389C0
                          • Part of subcall function 004389A1: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 004389D3
                          • Part of subcall function 004389A1: GetCurrentThreadId.KERNEL32 ref: 004389DA
                          • Part of subcall function 004389A1: AttachThreadInput.USER32(00000000), ref: 004389E1
                        • GetFocus.USER32 ref: 004609EF
                          • Part of subcall function 004389EB: GetParent.USER32(?), ref: 004389F7
                          • Part of subcall function 004389EB: GetParent.USER32(?), ref: 00438A04
                        • GetClassNameW.USER32(?,?,00000100), ref: 00460A37
                        • EnumChildWindows.USER32(?,00445A31,?), ref: 00460A60
                        • __swprintf.LIBCMT ref: 00460A7A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Thread$Parent$AttachChildClassCurrentEnumFocusInputMessageNameProcessSendTimeoutWindowWindows__swprintf_wcslen
                        • String ID: %s%d
                        • API String ID: 991886796-1110647743
                        • Opcode ID: 4a64ff5b06e5e341b473abb9bc2bdd7182ed8da111ba9effa567358a3114916c
                        • Instruction ID: 20a4aa43144560c0524e92d1094e5dcb4402c89d1d481f65a72662ac57dae138
                        • Opcode Fuzzy Hash: 4a64ff5b06e5e341b473abb9bc2bdd7182ed8da111ba9effa567358a3114916c
                        • Instruction Fuzzy Hash: 7521A4712403046BD610FB65DC8AFEFB7ACAF98704F00481FF559A7181EAB8A509877A
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _memset$_sprintf
                        • String ID: %02X
                        • API String ID: 891462717-436463671
                        • Opcode ID: 3d61b25fa3990800e5a694d7793c27d494b4b6e65897825e99c1223689708875
                        • Instruction ID: c3235ccac5cd273424cb9b73a8b9e0f10e05fa8943de770f4571b5c3e9b76774
                        • Opcode Fuzzy Hash: 3d61b25fa3990800e5a694d7793c27d494b4b6e65897825e99c1223689708875
                        • Instruction Fuzzy Hash: 5B11E97225021167D314FA698C93BEE724CAB45704F50453FF541A75C1EF6CB558839E
                        APIs
                        • _memset.LIBCMT ref: 0042CD00
                        • GetOpenFileNameW.COMDLG32 ref: 0042CD51
                          • Part of subcall function 0040FFB0: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,?,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,004A8E80,C:\Users\user\Desktop\Aviso de cuenta vencida de DHL - 1606622076_865764325678976645423546567678967564423567890008765.exe,0040F3D2), ref: 0040FFCA
                          • Part of subcall function 00410130: SHGetMalloc.SHELL32(00000000), ref: 0041013A
                          • Part of subcall function 00410130: SHGetDesktopFolder.SHELL32(?,004A8E80), ref: 00410150
                          • Part of subcall function 00410130: _wcscpy.LIBCMT ref: 00410160
                          • Part of subcall function 00410130: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410197
                          • Part of subcall function 00410130: _wcscpy.LIBCMT ref: 004101AC
                          • Part of subcall function 00410020: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 00410037
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: NamePath$Full_wcscpy$DesktopFileFolderFromListMallocOpen_memset
                        • String ID: $OH$@OH$X
                        • API String ID: 3491138722-1394974532
                        • Opcode ID: b307b7495d9e484b77ad3edce91dc90ef7c994e26f1a80758083a935cdf7c966
                        • Instruction ID: e3e81f3fa603e1d093c5df9e9287f390c0398a0e5563e0e16fb911f44c5f658a
                        • Opcode Fuzzy Hash: b307b7495d9e484b77ad3edce91dc90ef7c994e26f1a80758083a935cdf7c966
                        • Instruction Fuzzy Hash: 2111C2B02043405BC311EF19984175FBBE9AFD5308F14882EF68497292D7FD854DCB9A
                        APIs
                        • LoadLibraryW.KERNEL32(00000000), ref: 00463DD1
                        • GetProcAddress.KERNEL32(?,?), ref: 00463E68
                        • GetProcAddress.KERNEL32(?,00000000), ref: 00463E84
                        • GetProcAddress.KERNEL32(?,?), ref: 00463ECE
                        • FreeLibrary.KERNEL32(?,?,?,00000000,?), ref: 00463EF0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: AddressProc$Library$FreeLoad
                        • String ID:
                        • API String ID: 2449869053-0
                        • Opcode ID: fa0419033c450d646a7a4ef883371915f5dff59722895d189eba4af2447b2958
                        • Instruction ID: 5a5949aabc30296464acd143044f95cbdcafad8a77d2d24e7d672d776762960f
                        • Opcode Fuzzy Hash: fa0419033c450d646a7a4ef883371915f5dff59722895d189eba4af2447b2958
                        • Instruction Fuzzy Hash: 9051C1752043409FC300EF25C881A5BB7A4FF89305F00456EF945A73A2DB79EE45CBAA
                        APIs
                        • GetKeyboardState.USER32(?,?,00000001,00000001,?,00000000), ref: 0044C3DA
                        • SetKeyboardState.USER32(00000080), ref: 0044C3ED
                        • PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C441
                        • PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C465
                        • SendInput.USER32 ref: 0044C509
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: KeyboardMessagePostState$InputSend
                        • String ID:
                        • API String ID: 3031425849-0
                        • Opcode ID: b49b686b41cf8e4dc8898cf8a112ca1a8544ab09a95107e5a7613c5accf95fc9
                        • Instruction ID: f46f63d78903415e516a46676784f6fcea1caa301ceb581e17347d916cd8316d
                        • Opcode Fuzzy Hash: b49b686b41cf8e4dc8898cf8a112ca1a8544ab09a95107e5a7613c5accf95fc9
                        • Instruction Fuzzy Hash: DB413B715462446FF760AB24D944BBFBB94AF99324F04061FF9D4122C2D37D9908C77A
                        APIs
                        • RegEnumKeyExW.ADVAPI32 ref: 004422F0
                        • RegOpenKeyExW.ADVAPI32(?,00000000,00000000,?,?), ref: 0044232B
                        • RegCloseKey.ADVAPI32(00000000), ref: 0044234E
                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00442390
                        • RegEnumKeyExW.ADVAPI32(?,00000000), ref: 004423C0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Enum$CloseDeleteOpen
                        • String ID:
                        • API String ID: 2095303065-0
                        • Opcode ID: 367b6e42355be36f427f5e4c5f923650598af64a8eac08207e4f2af605b886a1
                        • Instruction ID: 24d8057b763805d248a02a33893b377b1579bd56aab3fff97e90bb3d062a49ad
                        • Opcode Fuzzy Hash: 367b6e42355be36f427f5e4c5f923650598af64a8eac08207e4f2af605b886a1
                        • Instruction Fuzzy Hash: 0C3150721043056EE210DF94DD84FBF73ECEBC9314F44492EBA9596141D7B8E9098B6A
                        APIs
                        • GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C2F4
                        • GetPrivateProfileSectionW.KERNEL32(00000000,00000003,?,00000003), ref: 0045C31B
                        • WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C363
                        • WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C385
                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0045C392
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: PrivateProfile$SectionWrite$String
                        • String ID:
                        • API String ID: 2832842796-0
                        • Opcode ID: c76cc1094b5fb1fc43fcb7877a7661b5ae667b5fa7796de5023eb6f45200691f
                        • Instruction ID: eb365ed5c03c4bb3a44f9ddbc5128f2f56e5f8affd5b6ace934fe40af23b551f
                        • Opcode Fuzzy Hash: c76cc1094b5fb1fc43fcb7877a7661b5ae667b5fa7796de5023eb6f45200691f
                        • Instruction Fuzzy Hash: 00318675240305ABD610DFA1DC85F9BB3A8AF84705F00891DF94497292D7B9E889CB94
                        APIs
                        • GetClientRect.USER32(?,?), ref: 00447997
                        • GetCursorPos.USER32(?), ref: 004479A2
                        • ScreenToClient.USER32(?,?), ref: 004479BE
                        • WindowFromPoint.USER32(?,?), ref: 004479FF
                        • DefDlgProcW.USER32(?,00000020,?,?), ref: 00447A78
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Client$CursorFromPointProcRectScreenWindow
                        • String ID:
                        • API String ID: 1822080540-0
                        • Opcode ID: c356f0f93048ebf3c0a873f2be17aa192b5fb9472fb724aa4a6a449873fe30ba
                        • Instruction ID: e9c1e18ea4fcc9a2ad4b32cd349e8b57ec7287094a91df3c43d19f1875151664
                        • Opcode Fuzzy Hash: c356f0f93048ebf3c0a873f2be17aa192b5fb9472fb724aa4a6a449873fe30ba
                        • Instruction Fuzzy Hash: DE3188742082029BD710CF19D88596FB7A9EBC8714F144A1EF88097291D778EA57CBAA
                        APIs
                        • GetWindowRect.USER32(?,?), ref: 00447C1B
                        • ScreenToClient.USER32(?,?), ref: 00447C39
                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C4C
                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447C93
                        • EndPaint.USER32(?,?), ref: 00447CD1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ClientPaintRectRectangleScreenViewportWindow
                        • String ID:
                        • API String ID: 659298297-0
                        • Opcode ID: a6d698a2242c6caf7091173c4181dadfabb51550506680b35635a03376f271bc
                        • Instruction ID: 653bb342b0117225c29b14224c0e663a7b864e912777eddc33bb147bcfad3e12
                        • Opcode Fuzzy Hash: a6d698a2242c6caf7091173c4181dadfabb51550506680b35635a03376f271bc
                        • Instruction Fuzzy Hash: 8A3150706043019FE320CF15D9C8F7B7BE8EB89724F044A6EF994873A1D774A8468B69
                        APIs
                        • GetCursorPos.USER32(?), ref: 004478A7
                        • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478C3
                        • DefDlgProcW.USER32(?,0000007B,?,?,004A83D8,?,004A83D8,?), ref: 004478E7
                        • GetCursorPos.USER32(?), ref: 00447935
                        • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 0044795B
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CursorMenuPopupTrack$Proc
                        • String ID:
                        • API String ID: 1300944170-0
                        • Opcode ID: 00aabaf84d80e4f8c92fc7d2a6c816b999107077810d41e1d32a7af9c3da8c6b
                        • Instruction ID: 600148c7f6f0e64f7aba5c2d0a58757112576a5c49d56a392ea253be37485a5b
                        • Opcode Fuzzy Hash: 00aabaf84d80e4f8c92fc7d2a6c816b999107077810d41e1d32a7af9c3da8c6b
                        • Instruction Fuzzy Hash: 2B31E475244204ABE214DB48DC48FABB7A5FBC9711F14491EF64483390D7B96C4BC779
                        APIs
                        • EnableWindow.USER32(004A83D8,00000000), ref: 00448BAB
                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448BC1
                        • ShowWindow.USER32(004A83D8,00000000,004A83D8,?,?), ref: 00448C37
                        • ShowWindow.USER32(004A83D8,00000004,004A83D8), ref: 00448C43
                        • EnableWindow.USER32(004A83D8,00000001), ref: 00448C58
                          • Part of subcall function 004413F0: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 0044140E
                          • Part of subcall function 004413F0: GetWindowLongW.USER32(?,000000F0), ref: 00441452
                          • Part of subcall function 004413F0: GetWindowLongW.USER32(?,000000F0), ref: 00441493
                          • Part of subcall function 004413F0: SendMessageW.USER32(009D1B70,000000F1,00000000,00000000), ref: 004414C6
                          • Part of subcall function 004413F0: SendMessageW.USER32(009D1B70,000000F1,00000001,00000000), ref: 004414F1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$EnableMessageSend$LongShow
                        • String ID:
                        • API String ID: 142311417-0
                        • Opcode ID: 63a7105258867651d9446b65671e60b54e1f680e017c4d0f27b0fbeeb6060130
                        • Instruction ID: 53ead31d82dc60d0a1ec6489c26700cf05fac79e8a5bf65a12bf69c5108a1aee
                        • Opcode Fuzzy Hash: 63a7105258867651d9446b65671e60b54e1f680e017c4d0f27b0fbeeb6060130
                        • Instruction Fuzzy Hash: 942105B07053809BF7148E28C8C47AFB7D0FB95345F08482EF981A6391DBAC9845C72E
                        APIs
                        • _memset.LIBCMT ref: 0044955A
                          • Part of subcall function 00433A98: _wcspbrk.LIBCMT ref: 00433AAC
                        • SendMessageW.USER32(?,00001060,00000000,00000004), ref: 004495B3
                        • _wcslen.LIBCMT ref: 004495C1
                        • _wcslen.LIBCMT ref: 004495CE
                        • SendMessageW.USER32(?,00001060,00000000,?), ref: 004495FF
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend_wcslen$_memset_wcspbrk
                        • String ID:
                        • API String ID: 1843234404-0
                        • Opcode ID: b21334e59b332bdcefcacb45badc01962a29afe58654cc2f886ab9dc01dd4065
                        • Instruction ID: 2eba0e6ca7bf2f01d6f4dc0284c8cedbdf4c7ea0b5caad0642d64795040b3bc6
                        • Opcode Fuzzy Hash: b21334e59b332bdcefcacb45badc01962a29afe58654cc2f886ab9dc01dd4065
                        • Instruction Fuzzy Hash: 1821F87260430556E630EB15AC81BFBB3D8EBD0761F10483FEE4081280E67E9959D3AA
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID:
                        • API String ID:
                        • Opcode ID: 43986f9d4d7e017d9aea9f4dce7e52c9963f71054abe4abd36fa420e2ae722de
                        • Instruction ID: 4734ce3ce40af5b77ad59fd8baedf6a3e56741e39cc50bb30d89ac3ca2d3bd52
                        • Opcode Fuzzy Hash: 43986f9d4d7e017d9aea9f4dce7e52c9963f71054abe4abd36fa420e2ae722de
                        • Instruction Fuzzy Hash: 1321E0712006409BCB10EF29D994D6B73A8EF45321B40466EFE5597382DB34EC08CBA9
                        APIs
                        • IsWindowVisible.USER32(?), ref: 00445721
                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0044573C
                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00445773
                        • _wcslen.LIBCMT ref: 004457A3
                        • CharUpperBuffW.USER32(00000000,00000000), ref: 004457AD
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen
                        • String ID:
                        • API String ID: 3087257052-0
                        • Opcode ID: 707967777abbcb615846d4014dd15678eb91240126a64b2d293a4799175c36b7
                        • Instruction ID: 00e09c3d40749c53521e9302b0eb92bb7bfe2d7d521d01ead8474e6f611d5aec
                        • Opcode Fuzzy Hash: 707967777abbcb615846d4014dd15678eb91240126a64b2d293a4799175c36b7
                        • Instruction Fuzzy Hash: FA11E972601741BBF7105B35DC46F5B77CDAF65320F04443AF40AE6281FB69E84583AA
                        APIs
                        • IsWindow.USER32(00000000), ref: 00459DEF
                        • GetForegroundWindow.USER32 ref: 00459E07
                        • GetDC.USER32(00000000), ref: 00459E44
                        • GetPixel.GDI32(00000000,?,00000000), ref: 00459E4F
                        • ReleaseDC.USER32(00000000,00000000), ref: 00459E8B
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$ForegroundPixelRelease
                        • String ID:
                        • API String ID: 4156661090-0
                        • Opcode ID: c25ec76bf159445cc401153d518622b926736981535c7bd42fe0b2b106eefd61
                        • Instruction ID: f25aa70a507d7fb142791e963b89e5313ab4350e7ab13503248c443e15a863bf
                        • Opcode Fuzzy Hash: c25ec76bf159445cc401153d518622b926736981535c7bd42fe0b2b106eefd61
                        • Instruction Fuzzy Hash: 76219D76600202ABD700EFA5CD49A5AB7E9FF84315F19483DF90597642DB78FC04CBA9
                        APIs
                          • Part of subcall function 004647A2: inet_addr.WSOCK32(?), ref: 004647C7
                        • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 00464985
                        • WSAGetLastError.WSOCK32(00000000,00000002,00000001,00000006,00000000), ref: 00464993
                        • connect.WSOCK32(00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 004649CD
                        • WSAGetLastError.WSOCK32(00000000,00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 004649F4
                        • closesocket.WSOCK32(00000000,00000000,00000000,00000000,00000000,00000010,00000002,00000001,00000006,00000000), ref: 00464A07
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ErrorLast$closesocketconnectinet_addrsocket
                        • String ID:
                        • API String ID: 245547762-0
                        • Opcode ID: aaa03f654d2c2080970664bbc2635e6406c59b0d093f7dcd590a1c65d79e0220
                        • Instruction ID: b27d5ee258410aac5bd3077dd9c53ce90635b59006b610d0ec7ee295a05cd03d
                        • Opcode Fuzzy Hash: aaa03f654d2c2080970664bbc2635e6406c59b0d093f7dcd590a1c65d79e0220
                        • Instruction Fuzzy Hash: 3211DA712002109BD310FB2AC842F9BB3D8AF85728F04895FF594A72D2D7B9A885875A
                        APIs
                        • DeleteObject.GDI32(00000000), ref: 00447151
                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                        • SelectObject.GDI32(?,00000000), ref: 004471A2
                        • BeginPath.GDI32(?), ref: 004471B7
                        • SelectObject.GDI32(?,00000000), ref: 004471DC
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Object$Select$BeginCreateDeletePath
                        • String ID:
                        • API String ID: 2338827641-0
                        • Opcode ID: f19e52de08adcd67550c2e9faff4417be3cdd69e9125f029607893bae639c511
                        • Instruction ID: ab30216038401830d00444c504d41f25dcbf82a6e2307e0a418987ed8484b610
                        • Opcode Fuzzy Hash: f19e52de08adcd67550c2e9faff4417be3cdd69e9125f029607893bae639c511
                        • Instruction Fuzzy Hash: 7E2171B18083019FD320CF29AD44A1B7FACF74A724F14052FF654933A1EB789849CB69
                        APIs
                        • Sleep.KERNEL32(00000000,00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043771E
                        • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043773C
                        • Sleep.KERNEL32(00000000,?,?,?,?,004448B6,0000000F,?), ref: 0043775C
                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,004448B6,0000000F,?), ref: 00437767
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CounterPerformanceQuerySleep
                        • String ID:
                        • API String ID: 2875609808-0
                        • Opcode ID: 901ea73111326f2a8af3d8a1217edfde6b6dff748f8bb26d3b0ac17b2ce0a9c5
                        • Instruction ID: fd8a8a83491f03de43ea78fbc63302b75a2fa5438857304713168bbc83ca9150
                        • Opcode Fuzzy Hash: 901ea73111326f2a8af3d8a1217edfde6b6dff748f8bb26d3b0ac17b2ce0a9c5
                        • Instruction Fuzzy Hash: EA11A3B64093119BC210EF1ADA88A8FB7F4FFD8765F004D2EF9C462250DB34D5598B9A
                        APIs
                        • SendMessageW.USER32 ref: 0046FD00
                        • SendMessageW.USER32(?,0000104C,00000000,?), ref: 0046FD2E
                        • SendMessageW.USER32(?,00001015,?,?), ref: 0046FD4B
                        • DestroyIcon.USER32(?), ref: 0046FD58
                        • DestroyIcon.USER32(?), ref: 0046FD5F
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$DestroyIcon
                        • String ID:
                        • API String ID: 3419509030-0
                        • Opcode ID: a24bc400bf7eaff3d1708451a80103ed5292b50ec6011cebb58ec712c1110a53
                        • Instruction ID: ba7c1cc62690e465ab1dcb48fa3e0f79152c3dc78d34179caeeeb49ed344ab69
                        • Opcode Fuzzy Hash: a24bc400bf7eaff3d1708451a80103ed5292b50ec6011cebb58ec712c1110a53
                        • Instruction Fuzzy Hash: 5F1182B15043449BE730DF14DC46BABB7E8FBC5714F00492EE6C857291D6B8A84A8B67
                        APIs
                        • __getptd.LIBCMT ref: 004175AE
                          • Part of subcall function 00416C72: __getptd_noexit.LIBCMT ref: 00416C75
                          • Part of subcall function 00416C72: __amsg_exit.LIBCMT ref: 00416C82
                        • __amsg_exit.LIBCMT ref: 004175CE
                        • __lock.LIBCMT ref: 004175DE
                        • InterlockedDecrement.KERNEL32(?), ref: 004175FB
                        • InterlockedIncrement.KERNEL32(009D2DA8), ref: 00417626
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
                        • String ID:
                        • API String ID: 4271482742-0
                        • Opcode ID: cef6af0c730a10c674891530ba4a9f92a8997b3b581fa775581189220e01fce3
                        • Instruction ID: de548182bd5f57d4f8c9f8a4c79293bfa6802d75d0085d2526eaa3c6a777046b
                        • Opcode Fuzzy Hash: cef6af0c730a10c674891530ba4a9f92a8997b3b581fa775581189220e01fce3
                        • Instruction Fuzzy Hash: 9401AD31944A11AFC710ABA998497CE7BB0BB11724F0540ABE80063791CB3CA9C1CFEE
                        APIs
                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                        • DeleteObject.GDI32(?), ref: 0045564E
                        • DeleteObject.GDI32(?), ref: 0045565C
                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Destroy$DeleteObjectWindow$Icon
                        • String ID:
                        • API String ID: 4023252218-0
                        • Opcode ID: 187bd120907745c88baacffad0920a9106e1cca1ea6db424662e0a83cd01c53e
                        • Instruction ID: d1816f9fa450f538fb043821254e2bd2cfb9ade9207d957631f6d0e9d50691b6
                        • Opcode Fuzzy Hash: 187bd120907745c88baacffad0920a9106e1cca1ea6db424662e0a83cd01c53e
                        • Instruction Fuzzy Hash: 05015E70300605ABCB20DF65D9D4B2B77A8BF14712B50452AFD04D7346EB38EC48CB69
                        APIs
                        • GetDlgItem.USER32(?,000003E9), ref: 00460342
                        • GetWindowTextW.USER32(00000000,00000100,00000100), ref: 00460357
                        • MessageBeep.USER32(00000000), ref: 0046036D
                        • KillTimer.USER32(?,0000040A), ref: 00460392
                        • EndDialog.USER32(?,00000001), ref: 004603AB
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                        • String ID:
                        • API String ID: 3741023627-0
                        • Opcode ID: 5e0545b8da8baa7cb8324f4116d33f6edaa60507eab9176a587cebaf75a8c25b
                        • Instruction ID: 48c257e0c270193328064fa19c5b46d6a870d8092b70dfec968bdaebd9a60f08
                        • Opcode Fuzzy Hash: 5e0545b8da8baa7cb8324f4116d33f6edaa60507eab9176a587cebaf75a8c25b
                        • Instruction Fuzzy Hash: BE018831500300A7E7209B54DE5DBDB77A8BF44B05F00492EB681A25D0E7F8A584CB55
                        APIs
                        • SendMessageW.USER32(?,00001101,00000000,?), ref: 00455514
                        • DeleteObject.GDI32(?), ref: 0045564E
                        • DeleteObject.GDI32(?), ref: 0045565C
                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: DeleteDestroyObject$IconMessageSendWindow
                        • String ID:
                        • API String ID: 1489400265-0
                        • Opcode ID: fb8346e1cf28bbdc4ad062342734fe1bacbf25b41774fd01ae6266dc65fad9d1
                        • Instruction ID: 68d82c845863845e83b9d92669df32d5d1b96a6c2c0272d07869f65424c05900
                        • Opcode Fuzzy Hash: fb8346e1cf28bbdc4ad062342734fe1bacbf25b41774fd01ae6266dc65fad9d1
                        • Instruction Fuzzy Hash: D9014F703006419BDB10EF65DED8A2A73A9FB44712B40455AFE05DB286DB78EC49CB68
                        APIs
                          • Part of subcall function 0043343D: InvalidateRect.USER32(?,00000000,00000001), ref: 004334BE
                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455640
                        • DeleteObject.GDI32(?), ref: 0045564E
                        • DeleteObject.GDI32(?), ref: 0045565C
                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Destroy$DeleteObjectWindow$IconInvalidateRect
                        • String ID:
                        • API String ID: 1042038666-0
                        • Opcode ID: 920ee65d6839c6288c76afce6441748d32e1b72318fe83d584ccefe2da360159
                        • Instruction ID: 707d1f3050e1f0ff98422ce5efa9f9a4d3559fdafbc0a23101ed238e91bf2869
                        • Opcode Fuzzy Hash: 920ee65d6839c6288c76afce6441748d32e1b72318fe83d584ccefe2da360159
                        • Instruction Fuzzy Hash: B2014B702006419BCB10AF65D9C8A2A33ACAF19322780456AFD05D7242DB28EC498B79
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Path$ObjectStroke$DeleteFillSelect
                        • String ID:
                        • API String ID: 2625713937-0
                        • Opcode ID: a89ec47609df172868659220a46891f09f78d761c189f4b7bb4a315096e7830c
                        • Instruction ID: 1b0d13c7bbaa275692c81ef4a4760df4fcf6218f807946f7e03cce85d1463269
                        • Opcode Fuzzy Hash: a89ec47609df172868659220a46891f09f78d761c189f4b7bb4a315096e7830c
                        • Instruction Fuzzy Hash: F7F0A4751052019BD7508F18EC0C70E7FA8FB4F325F04462EEA19932E0DB781546CBAD
                        APIs
                          • Part of subcall function 00411A35: _doexit.LIBCMT ref: 00411A41
                        • ___set_flsgetvalue.LIBCMT ref: 004140E1
                          • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                          • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                          • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                        • ___fls_getvalue@4.LIBCMT ref: 004140EC
                          • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                        • ___fls_setvalue@8.LIBCMT ref: 004140FF
                          • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 00414108
                        • ExitThread.KERNEL32 ref: 0041410F
                        • GetCurrentThreadId.KERNEL32 ref: 00414115
                        • __freefls@4.LIBCMT ref: 00414135
                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00414148
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Value$CurrentThread__decode_pointer$ErrorExitImageLastNonwritable___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                        • String ID:
                        • API String ID: 132634196-0
                        • Opcode ID: dbe0df41a3d89f03eebcd77cedb8c7fbd95cde8327ee68e759feca9a6a87dff2
                        • Instruction ID: c6f54ac6c47f72d6c6be617d0ab0d95393642b3a08ca47198428750b18cc63fb
                        • Opcode Fuzzy Hash: dbe0df41a3d89f03eebcd77cedb8c7fbd95cde8327ee68e759feca9a6a87dff2
                        • Instruction Fuzzy Hash: EFE0B6318012096B8F0177F28E2A8DF3A2DAD56799B12842EBF10A3112DA6DD9D147AD
                        APIs
                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00415610
                          • Part of subcall function 00418540: __FindPESection.LIBCMT ref: 0041859B
                        • __getptd_noexit.LIBCMT ref: 00415620
                        • CloseHandle.KERNEL32(?,?,0041566B), ref: 00415634
                        • __freeptd.LIBCMT ref: 0041563B
                        • ExitThread.KERNEL32 ref: 00415643
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CloseCurrentExitFindHandleImageNonwritableSectionThread__freeptd__getptd_noexit
                        • String ID:
                        • API String ID: 3798957060-0
                        • Opcode ID: d3b08fe511e09ca6ea2d918a54b62a74066439bca0a0e456eaad9824bd7e2a02
                        • Instruction ID: 5ad9b57b40d8b41da6f03c32f2a15b2799e0bbfe2e5ad1689210a27a588f1b2a
                        • Opcode Fuzzy Hash: d3b08fe511e09ca6ea2d918a54b62a74066439bca0a0e456eaad9824bd7e2a02
                        • Instruction Fuzzy Hash: 29E01A31501A1197C2212BB9AC097DE3255AF01F36F944A6EF81A952A0DB6CD98147AD
                        APIs
                          • Part of subcall function 00411A35: _doexit.LIBCMT ref: 00411A41
                        • ___set_flsgetvalue.LIBCMT ref: 00415690
                          • Part of subcall function 00416A84: TlsGetValue.KERNEL32(00411739,00416C10,?,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416A8D
                          • Part of subcall function 00416A84: __decode_pointer.LIBCMT ref: 00416A9F
                          • Part of subcall function 00416A84: TlsSetValue.KERNEL32(00000000,00411739,00417F28,00413979,?,?,00411739,?,00401C0B), ref: 00416AAE
                        • ___fls_getvalue@4.LIBCMT ref: 0041569B
                          • Part of subcall function 00416A64: TlsGetValue.KERNEL32(?,?,004140F1,00000000), ref: 00416A72
                        • ___fls_setvalue@8.LIBCMT ref: 004156AD
                          • Part of subcall function 00416AB8: __decode_pointer.LIBCMT ref: 00416AC9
                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 004156B6
                        • ExitThread.KERNEL32 ref: 004156BD
                        • __freefls@4.LIBCMT ref: 004156D9
                        • __IsNonwritableInCurrentImage.LIBCMT ref: 004156EC
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Value$__decode_pointer$CurrentErrorExitImageLastNonwritableThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                        • String ID:
                        • API String ID: 1537469427-0
                        • Opcode ID: 99715b5f8e2ff19c7b8f3a2e2e0a417857e73ed83bc070766e6b29f9400adc7a
                        • Instruction ID: 6f4b581ce684dac4bce1a6396b1ab204a3b2196504341234b7a244e47b3a25b0
                        • Opcode Fuzzy Hash: 99715b5f8e2ff19c7b8f3a2e2e0a417857e73ed83bc070766e6b29f9400adc7a
                        • Instruction Fuzzy Hash: 83E0E6308003096BCF0037F29E1A9DF392DAD41389B52841E7E14B2122DE6DD9D1466D
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _malloc
                        • String ID: Default$|k
                        • API String ID: 1579825452-2254895183
                        • Opcode ID: 3487a4ebd3b6326aef9d7885c20b94cf9b3333ebd549fd878091b2165ba8d13b
                        • Instruction ID: 39a525bc613f0e7e9485e4ea944b13d532e73913c0a35fc25f8fa2b96209a7b9
                        • Opcode Fuzzy Hash: 3487a4ebd3b6326aef9d7885c20b94cf9b3333ebd549fd878091b2165ba8d13b
                        • Instruction Fuzzy Hash: 51F19F706083018BD714DF25C484A6BB7E5AF85314F64886FF885AB392D738EC55CB9B
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _memcmp
                        • String ID: '$[$h
                        • API String ID: 2931989736-1224472061
                        • Opcode ID: b65a2ba19e68ffe8a11284d2d069350b2f2ae6a9059e42b54d6f98484e49560c
                        • Instruction ID: c2eec353cbd26a418970a1643da97c958d9efd09d44d369c5aec2a2e92b02032
                        • Opcode Fuzzy Hash: b65a2ba19e68ffe8a11284d2d069350b2f2ae6a9059e42b54d6f98484e49560c
                        • Instruction Fuzzy Hash: EBE1B3756083858FE725CF28C8807ABBBE1FFC9304F18896EE89587341D7799849CB56
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _strncmp
                        • String ID: >$R$U
                        • API String ID: 909875538-1924298640
                        • Opcode ID: f9ebc198af2ab7ab0819517e001d9756788144751dce64bc403378e3fae079f3
                        • Instruction ID: f6794502b7c89560a677b30a08de70cb8bc1b17d125f16f135907c58c8460d8d
                        • Opcode Fuzzy Hash: f9ebc198af2ab7ab0819517e001d9756788144751dce64bc403378e3fae079f3
                        • Instruction Fuzzy Hash: 46E19C745083818FEB25CF29C49076BBBE1EFD9304F28496EE89587381D378E849CB56
                        APIs
                          • Part of subcall function 00442C52: _wcslen.LIBCMT ref: 00442C82
                        • CoInitialize.OLE32(00000000), ref: 0046CE18
                        • CoCreateInstance.OLE32(00482A50,00000000,00000001,004828B0,?), ref: 0046CE31
                        • CoUninitialize.OLE32 ref: 0046CE50
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                        • String ID: .lnk
                        • API String ID: 886957087-24824748
                        • Opcode ID: cf95cfa125c39178dc1728bd48ca6ee468afe444b27fb378bb5b47a8cf5920ff
                        • Instruction ID: 09ec1e36491b9dee8eccbfa157b0fc1a83632a56aae6c10d58f94140378ad3aa
                        • Opcode Fuzzy Hash: cf95cfa125c39178dc1728bd48ca6ee468afe444b27fb378bb5b47a8cf5920ff
                        • Instruction Fuzzy Hash: D3A1ABB5A042019FC704EF64C980E6BB7E9EF88714F14895EF8849B392D735EC45CBA6
                        Strings
                        • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00469C37
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _wcslen
                        • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                        • API String ID: 176396367-557222456
                        • Opcode ID: 6ed3ee7040cf52f7c8cf58c24b37417f7719ae2cfab6dfb5b0d2deafceea8a2b
                        • Instruction ID: 5ec49088f7a0f5eff408c40ec761cfb1cab3d77d8e9f1d748350f88cc39ab646
                        • Opcode Fuzzy Hash: 6ed3ee7040cf52f7c8cf58c24b37417f7719ae2cfab6dfb5b0d2deafceea8a2b
                        • Instruction Fuzzy Hash: 2C818F715183009FC310EF65C88186BB7E8AF85714F408A2FF5959B2A2E778ED45CB9B
                        APIs
                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                        • VariantInit.OLEAUT32(00000000), ref: 0042D2E0
                        • VariantCopy.OLEAUT32(?,?), ref: 0042D2EE
                        • VariantClear.OLEAUT32(00000000), ref: 0042D2FF
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Variant$ClearCopyInit_malloc
                        • String ID: 4RH
                        • API String ID: 2981388473-749298218
                        • Opcode ID: 886d72268d4c4b31cd7e9b97dec5c8ab100e14167db6bca7b584ef53709687b2
                        • Instruction ID: 2430bd0654d197d786bc988f6f01769df72c779a088326c60667d263ff95ce9f
                        • Opcode Fuzzy Hash: 886d72268d4c4b31cd7e9b97dec5c8ab100e14167db6bca7b584ef53709687b2
                        • Instruction Fuzzy Hash: CC913874A083519FC720CF29D480A1AB7E1FF89304F64892EE999DB351D774EC85CB96
                        APIs
                          • Part of subcall function 0040FFF0: _wcslen.LIBCMT ref: 0040FFF2
                          • Part of subcall function 0040FFF0: _wcscpy.LIBCMT ref: 00410012
                        • __wcsnicmp.LIBCMT ref: 0046681A
                        • WNetUseConnectionW.MPR(00000000,?,00000000,?,00000000,?,00000000,?), ref: 004668B9
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Connection__wcsnicmp_wcscpy_wcslen
                        • String ID: LPT$HH
                        • API String ID: 3035604524-2728063697
                        • Opcode ID: 2945cb5b31277d8c8021d55f3d7ec86f9f5d8a101f6134c00f702d091f19bef7
                        • Instruction ID: 32c7950bcbaa764ae6d62266904c1b9f72d26d84b6ae022b5f72856ccecd4d84
                        • Opcode Fuzzy Hash: 2945cb5b31277d8c8021d55f3d7ec86f9f5d8a101f6134c00f702d091f19bef7
                        • Instruction Fuzzy Hash: 2151D5B16043009FC720EF65C881B1BB7E5AF85704F11491EFA859B382E779ED49C79A
                        APIs
                          • Part of subcall function 004374AF: WriteProcessMemory.KERNEL32(?,?,00000000,00000000,00000000,?,00461142,?), ref: 004374E2
                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00438AB8
                          • Part of subcall function 00437472: ReadProcessMemory.KERNEL32(?,00000000,00000000,?,00000000,00000000,00460C33,?,00000000,?,00000202), ref: 004374A5
                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00438B2F
                        • SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 00438BAF
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$MemoryProcess$ReadWrite
                        • String ID: @
                        • API String ID: 4055202900-2766056989
                        • Opcode ID: 95f302c56ad406a71ba46a757bfca5032ac46bd5be6e99a0861c43b96ce9d769
                        • Instruction ID: 682097a2b5231093ce935cfc9f6f49684b756042c0be5430c67da702d62f7190
                        • Opcode Fuzzy Hash: 95f302c56ad406a71ba46a757bfca5032ac46bd5be6e99a0861c43b96ce9d769
                        • Instruction Fuzzy Hash: E6518FB2208304ABD310DB64CC81FEFB7A9EFC9714F04591EFA8597181D678F9498B66
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CrackInternet_memset_wcslen
                        • String ID: |
                        • API String ID: 915713708-2343686810
                        • Opcode ID: 49a329c21d3e2b60aa9c34259f3774bde857317d5b4f329263fe64f76368b085
                        • Instruction ID: 59fb16093b155e5aebf0565036b17e76eaaa1a90c891d08183ce313382d628e9
                        • Opcode Fuzzy Hash: 49a329c21d3e2b60aa9c34259f3774bde857317d5b4f329263fe64f76368b085
                        • Instruction Fuzzy Hash: AE417EB2754301ABD204EF69DC81B9BF7E8FB88714F00052EF64593290DB75E909CBA6
                        APIs
                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A7FE
                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A851
                        • HttpQueryInfoW.WININET ref: 0044A892
                          • Part of subcall function 0044286A: GetLastError.KERNEL32(00000000,0044AA07,?,00000000,00000000,00000001,?,?), ref: 00442880
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
                        • String ID:
                        • API String ID: 3705125965-3916222277
                        • Opcode ID: 978b0a3adb57e12b693652f0a59e9f67067917ae502be6042813f4078819ed5c
                        • Instruction ID: e2ea4e726a01332d61d4ddbc0b4be6fd5f15ca60b5c099a75bcf819f780d651a
                        • Opcode Fuzzy Hash: 978b0a3adb57e12b693652f0a59e9f67067917ae502be6042813f4078819ed5c
                        • Instruction Fuzzy Hash: F431C6B56813416BE320EB16DC42F9FB7E8EFD9714F00091FF65057281D7A8A50D876A
                        APIs
                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00450A84
                        • GetWindowLongW.USER32(?,000000F0), ref: 00450AA2
                        • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00450AB3
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$Long
                        • String ID: SysTreeView32
                        • API String ID: 847901565-1698111956
                        • Opcode ID: 8beaa76caf08e9d8622144d4cb1fe8de975b1c4a0fa94bb7914df260c0b4a9df
                        • Instruction ID: 1ec52148e0427fd314aa46f8515fbaae5756f8dde681787cc4d1a4a364837cef
                        • Opcode Fuzzy Hash: 8beaa76caf08e9d8622144d4cb1fe8de975b1c4a0fa94bb7914df260c0b4a9df
                        • Instruction Fuzzy Hash: 9831E670244301AFE710DB64CC84B6BB3E8EF98325F104A1EF9A5932D1D7B8AD85CB25
                        APIs
                        • LoadLibraryA.KERNEL32(?), ref: 00437CB2
                        • GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00437D26
                        • FreeLibrary.KERNEL32(?,?,AU3_GetPluginDetails), ref: 00437D3D
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Library$AddressFreeLoadProc
                        • String ID: AU3_GetPluginDetails
                        • API String ID: 145871493-4132174516
                        • Opcode ID: 86e4c61e32d2ed878dfd7fe720ec64e92d9a8cb9aafa3c38a6749b64446316ec
                        • Instruction ID: 909018a8305b4cb0ce841e730e5bf8c258fddf5044228ae68d4d210ccee2088c
                        • Opcode Fuzzy Hash: 86e4c61e32d2ed878dfd7fe720ec64e92d9a8cb9aafa3c38a6749b64446316ec
                        • Instruction Fuzzy Hash: 054147B96042019FC314DF68D8C4D5AF3E5FF8D304B20866EE9568B751DB35E802CB96
                        APIs
                        • DestroyWindow.USER32(00000000,004A83D8,00000000,?,?), ref: 00450C60
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: DestroyWindow
                        • String ID: msctls_updown32
                        • API String ID: 3375834691-2298589950
                        • Opcode ID: 2a2b7300f3f0896f723b2acc27284ae87319393b418436251cb0663837fc8f9c
                        • Instruction ID: 6a1e1189e42626fde14bc74b9d87f1f450c181bb0fe7a510af516aef360d3f61
                        • Opcode Fuzzy Hash: 2a2b7300f3f0896f723b2acc27284ae87319393b418436251cb0663837fc8f9c
                        • Instruction Fuzzy Hash: CE31A279300201AFD624DF54DC81F5B73A9EB9A714F20451EF640AB382C7B4AC4ACB6A
                        APIs
                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 0045122A
                        • SendMessageW.USER32(00000000,00000186,00000000,00000000), ref: 00451238
                        • MoveWindow.USER32(?,?,00000000,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 0045125D
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$MoveWindow
                        • String ID: Listbox
                        • API String ID: 3315199576-2633736733
                        • Opcode ID: ec94c338bdc408a6213732be15a93177a4dce0f95fa1299e59073e0341a0244e
                        • Instruction ID: bfe1e9b3800f224edd0053b2d0d87a77da448e7bf5b17050dc61905274d7532a
                        • Opcode Fuzzy Hash: ec94c338bdc408a6213732be15a93177a4dce0f95fa1299e59073e0341a0244e
                        • Instruction Fuzzy Hash: E421D3712043047BE6209A65DC81F6BB3E8EBCD735F104B1EFA60A72D1C675EC458729
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 0045D243
                        • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D2C7
                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D30C
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ErrorMode$InformationVolume
                        • String ID: HH
                        • API String ID: 2507767853-2761332787
                        • Opcode ID: 10a78899cac0a24ca5bd241ff5c46140465ea67f957306f93882c0fc43b3d187
                        • Instruction ID: 4a708fd112bc3492f79fb502a293ca5b83a6a9b53d4ab80d782c21126568c1ab
                        • Opcode Fuzzy Hash: 10a78899cac0a24ca5bd241ff5c46140465ea67f957306f93882c0fc43b3d187
                        • Instruction Fuzzy Hash: 622148756083019FC310EF55D944A6BB7E4FF88704F40882EFA45972A2D774E909CB5A
                        APIs
                        • SetErrorMode.KERNEL32(00000001), ref: 0045D44A
                        • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CE
                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D502
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ErrorMode$InformationVolume
                        • String ID: HH
                        • API String ID: 2507767853-2761332787
                        • Opcode ID: a403ffe69dae12f4374470e721856d745e9457d8bcd1b2c0f65575075c8e6c3b
                        • Instruction ID: 8e4373afe1f51974a95c06a3ae407364d3098df30383bdf5f9e51316f0e0b5c8
                        • Opcode Fuzzy Hash: a403ffe69dae12f4374470e721856d745e9457d8bcd1b2c0f65575075c8e6c3b
                        • Instruction Fuzzy Hash: 902137756083019FC314EF55D944A5AB7E8FF88710F40882EFA49972A2D778E909CB9A
                        APIs
                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450D74
                        • SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450D8A
                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450D98
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend
                        • String ID: msctls_trackbar32
                        • API String ID: 3850602802-1010561917
                        • Opcode ID: e14717e3cb06623c4553287ca90ea840a6fcf4d017620d4062bb11778db8dfcd
                        • Instruction ID: c83169f0c5ec68c29a3e9aa847b4a28030a04f73c00385235601d1c9d4ce90e2
                        • Opcode Fuzzy Hash: e14717e3cb06623c4553287ca90ea840a6fcf4d017620d4062bb11778db8dfcd
                        • Instruction Fuzzy Hash: 4F1193717403117BE610CAA8DC81F5B73E8AB98B25F204A1AFA50A72C1D2B4FC458B68
                        APIs
                          • Part of subcall function 0045EFE7: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,0047D14B,?,?,?,?), ref: 0045F003
                        • gethostbyname.WSOCK32(?,00000000,?,?), ref: 0046BD78
                        • WSAGetLastError.WSOCK32(00000000,?,?,00000000,?,?), ref: 0046BD83
                        • inet_ntoa.WSOCK32(00000000,?), ref: 0046BDCD
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ByteCharErrorLastMultiWidegethostbynameinet_ntoa
                        • String ID: HH
                        • API String ID: 1515696956-2761332787
                        • Opcode ID: 9fa1cc3982deb19834a74a1ffc0ee15940528313d09b960f7f62ca7fb5990435
                        • Instruction ID: 2fad99cf3c45da3a785a9a513efbde0c8943f1fdc9598a344110207fd9df59bd
                        • Opcode Fuzzy Hash: 9fa1cc3982deb19834a74a1ffc0ee15940528313d09b960f7f62ca7fb5990435
                        • Instruction Fuzzy Hash: E21142765043006BC744FB66D885D9FB3A8AFC4318F448C2EF945A7242DA39E949876A
                        APIs
                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                        • GetMenuItemInfoW.USER32 ref: 004497EA
                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00449817
                        • DrawMenuBar.USER32 ref: 00449828
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Menu$InfoItem$Draw_malloc
                        • String ID: 0
                        • API String ID: 772068139-4108050209
                        • Opcode ID: aba2b2f37e8aede0e07af882035f7c7ba327ed0a8d43e4983355c33413849c0f
                        • Instruction ID: 895394c4ac3d8cdb9511dba433443d5742fa96e32f07ab63668b9f5a94eb31d1
                        • Opcode Fuzzy Hash: aba2b2f37e8aede0e07af882035f7c7ba327ed0a8d43e4983355c33413849c0f
                        • Instruction Fuzzy Hash: 941182B16042009BF730EB55EC96FABB7A8FB91714F00452EE648CA281DB7A9445CB76
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: AllocTask_wcslen
                        • String ID: hkG
                        • API String ID: 2651040394-3610518997
                        • Opcode ID: 13332cee77e5ed885d7d4fc6bfcacd5b22b96a16ce8d99b05f9432ebd764b12e
                        • Instruction ID: 372044899b15e8c53ead78f1c779643819f92c4817f04f111663958edd7e2adf
                        • Opcode Fuzzy Hash: 13332cee77e5ed885d7d4fc6bfcacd5b22b96a16ce8d99b05f9432ebd764b12e
                        • Instruction Fuzzy Hash: DCE065736442225B97506A79AC045CBA7D8AFB0370B15482BF880E7310E278E89643E5
                        APIs
                        • LoadLibraryA.KERNEL32(kernel32.dll), ref: 0043417A
                        • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0043418C
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: AddressLibraryLoadProc
                        • String ID: GetSystemWow64DirectoryW$kernel32.dll
                        • API String ID: 2574300362-1816364905
                        • Opcode ID: 58df7aafb5ba6d6c6a2aff3317d08040102bec91f6a73b36e13bbbd5fede489a
                        • Instruction ID: 1a9860a365f0c849ce8c10f1c40c5c80f9dda93506fd3415c38c98a37cde1a5a
                        • Opcode Fuzzy Hash: 58df7aafb5ba6d6c6a2aff3317d08040102bec91f6a73b36e13bbbd5fede489a
                        • Instruction Fuzzy Hash: F9D05EB1440B039FCB109FA0D80C64BB6E4AB64301F148C2EF885B2654D7B8E8C0CBA8
                        APIs
                        • LoadLibraryA.KERNEL32(ICMP.DLL,?,00434466,?,?,00464B68,?,?,?,?,?,00000000,?,?,00000101,?), ref: 004343DE
                        • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004343F0
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: AddressLibraryLoadProc
                        • String ID: ICMP.DLL$IcmpSendEcho
                        • API String ID: 2574300362-58917771
                        • Opcode ID: 4b46215cfc07257f28131f0af9bcf44c57d27cd5d24dcd7dc697cbf0f45d51b4
                        • Instruction ID: bde82dd314f67bb94adb8237e566b22d9cd50c1f3059090bebd97951f1ce1dc3
                        • Opcode Fuzzy Hash: 4b46215cfc07257f28131f0af9bcf44c57d27cd5d24dcd7dc697cbf0f45d51b4
                        • Instruction Fuzzy Hash: C9D017B45043039BD7105B21D80874A76E4AF58310F118C2FF881E2250CBBCE8808B79
                        APIs
                        • LoadLibraryA.KERNEL32(ICMP.DLL,?,0043447D,?,?,00464B56,?,?,?,?,00000000,?,?,00000101,?,?), ref: 0043440D
                        • GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 0043441F
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: AddressLibraryLoadProc
                        • String ID: ICMP.DLL$IcmpCloseHandle
                        • API String ID: 2574300362-3530519716
                        • Opcode ID: 42f9b5773da98e9266fb1162e4ae0909fe6bfc7ac22b46aa183d999fe3c035a4
                        • Instruction ID: 815a2f2ef77883dfca24b23846b24e776c3b140ddfaf16f0983d17b56328066b
                        • Opcode Fuzzy Hash: 42f9b5773da98e9266fb1162e4ae0909fe6bfc7ac22b46aa183d999fe3c035a4
                        • Instruction Fuzzy Hash: 9FD017B04443129AD7106B64D80874A76E4AB68302F129C3FF881A2660C7BCA8808B39
                        APIs
                        • LoadLibraryA.KERNEL32(ICMP.DLL,?,00434494,?,?,00464A94,?), ref: 0043443C
                        • GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 0043444E
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: AddressLibraryLoadProc
                        • String ID: ICMP.DLL$IcmpCreateFile
                        • API String ID: 2574300362-275556492
                        • Opcode ID: aa837af65d1bad252c0530eb36f48db089182c3e5c3795977f5f1506c5c05052
                        • Instruction ID: c247b13c068300da1972229949477068df6ba5342f41feac8fae2a533bc96115
                        • Opcode Fuzzy Hash: aa837af65d1bad252c0530eb36f48db089182c3e5c3795977f5f1506c5c05052
                        • Instruction Fuzzy Hash: 97D017B04043029ADB105B60D90875A77E4AB68300F118C7FF9A1A2250C7BCA8808B29
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ClearVariant
                        • String ID:
                        • API String ID: 1473721057-0
                        • Opcode ID: c8a8680659340ce3ae7b61d15611f915275d61821cdaab737acf418eefb31e18
                        • Instruction ID: 4e1e522645e86f73b8885f2d86dba7d443b77ce6b8f7ad4508257b27d10f8221
                        • Opcode Fuzzy Hash: c8a8680659340ce3ae7b61d15611f915275d61821cdaab737acf418eefb31e18
                        • Instruction Fuzzy Hash: 3DD18D746003018FD724DF25D484A26B7E1EF49704F64887EE9899B3A1D739EC92CB9A
                        APIs
                        • __flush.LIBCMT ref: 00414630
                        • __fileno.LIBCMT ref: 00414650
                        • __locking.LIBCMT ref: 00414657
                        • __flsbuf.LIBCMT ref: 00414682
                          • Part of subcall function 00417F23: __getptd_noexit.LIBCMT ref: 00417F23
                          • Part of subcall function 00417EBB: __decode_pointer.LIBCMT ref: 00417EC6
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
                        • String ID:
                        • API String ID: 3240763771-0
                        • Opcode ID: da881668a639e25d03d88a6d97948a76b4f19f87a827f6f9fc91a47de182ffa5
                        • Instruction ID: ec1a4dff6c5341ad57a53ba98b0f539b864df2cc4a0ba96fecd891c5d8a4160d
                        • Opcode Fuzzy Hash: da881668a639e25d03d88a6d97948a76b4f19f87a827f6f9fc91a47de182ffa5
                        • Instruction Fuzzy Hash: 4841A571A00605ABDB249FA5C9445DFB7B6EFC1328F28852FE41997280D77CDEC18B48
                        APIs
                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                        • VariantCopy.OLEAUT32(?,?), ref: 00478259
                        • VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                        • VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CopyVariant$ErrorLast
                        • String ID:
                        • API String ID: 2286883814-0
                        • Opcode ID: 5518b7b53ef3ca50261af568c513a59c65815d8cf0fffae25230fe941ba47538
                        • Instruction ID: 2d87100fc18953c9afe9b7e879878e48daa4ef19e0256d9a4550ae3fa38499cf
                        • Opcode Fuzzy Hash: 5518b7b53ef3ca50261af568c513a59c65815d8cf0fffae25230fe941ba47538
                        • Instruction Fuzzy Hash: 5F517C751543409FC310DF69C880A9BBBE4FF88314F448A6EF9499B352DB39E909CB99
                        APIs
                        • socket.WSOCK32(00000002,00000002,00000011), ref: 00474068
                        • WSAGetLastError.WSOCK32(00000000,00000002,00000002,00000011), ref: 00474076
                        • #21.WSOCK32 ref: 004740E0
                        • WSAGetLastError.WSOCK32(00000000), ref: 004740EB
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ErrorLast$socket
                        • String ID:
                        • API String ID: 1881357543-0
                        • Opcode ID: 49e735c62c31738b54d4bbc911449ab864d290153f15be7477df25c465b7d9f8
                        • Instruction ID: ff1742a21ceaee7448286ece46cbaad1fa76dded649dcd1b12ff87c083dae87e
                        • Opcode Fuzzy Hash: 49e735c62c31738b54d4bbc911449ab864d290153f15be7477df25c465b7d9f8
                        • Instruction Fuzzy Hash: 7641D9717403006AE720BF6ADC47F5672C89B54B18F14496EF648BF2C3D6FAA881869C
                        APIs
                        • ClientToScreen.USER32(00000000,?), ref: 00441CDE
                        • GetWindowRect.USER32(?,?), ref: 00441D5A
                        • PtInRect.USER32(?,?,?), ref: 00441D6F
                        • MessageBeep.USER32(00000000), ref: 00441DF2
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Rect$BeepClientMessageScreenWindow
                        • String ID:
                        • API String ID: 1352109105-0
                        • Opcode ID: f335056d542ece3fcaf1afd85692f97af485635a3f9ffa8235448c3f06d12885
                        • Instruction ID: 11ad13a84751b34e4f8a983c71a6a29643224e7bbeba0240db3aabd8edeb2108
                        • Opcode Fuzzy Hash: f335056d542ece3fcaf1afd85692f97af485635a3f9ffa8235448c3f06d12885
                        • Instruction Fuzzy Hash: E64192B5A042418FE710DF18D884AABB7E5FFC9311F18866FE8518B360D734AC85CBA5
                        APIs
                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 0042387E
                        • __isleadbyte_l.LIBCMT ref: 004238B2
                        • MultiByteToWideChar.KERNEL32(?,00000009,00000002,?,00000000,00000000,?,?,?,00000000,00000002,00000000), ref: 004238E3
                        • MultiByteToWideChar.KERNEL32(?,00000009,00000002,00000001,00000000,00000000,?,?,?,00000000,00000002,00000000), ref: 00423951
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                        • String ID:
                        • API String ID: 3058430110-0
                        • Opcode ID: f131ee11c0d220cb2dc6b3da44158834730645c68ebbd2a61d5b0c3ed448205f
                        • Instruction ID: 550681b3841f0f34ee613cb5364b25607849a03987ccfca5eaaec14299199b49
                        • Opcode Fuzzy Hash: f131ee11c0d220cb2dc6b3da44158834730645c68ebbd2a61d5b0c3ed448205f
                        • Instruction Fuzzy Hash: A931C270B00265EFDB20EF64D8849AA7BF5EF01312B9445AAF0A09F291D338CE81CB55
                        APIs
                        • CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D10A
                        • GetLastError.KERNEL32(?,00000000), ref: 0045D12B
                        • DeleteFileW.KERNEL32(00000000,?), ref: 0045D14C
                        • CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000), ref: 0045D16A
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CreateHardLink$DeleteErrorFileLast
                        • String ID:
                        • API String ID: 3321077145-0
                        • Opcode ID: 7cd5f2a63614e36a101d3a24e32b13d83311d412b7f68151a30e37c1c693f1dc
                        • Instruction ID: 240381fd0e223f31e6bb83dc4f900fe278965bce5f9bbaa9f824fb1079ab41c9
                        • Opcode Fuzzy Hash: 7cd5f2a63614e36a101d3a24e32b13d83311d412b7f68151a30e37c1c693f1dc
                        • Instruction Fuzzy Hash: 393180B5900301ABCB10AF71C985A1BF7E8AF84755F10891EF85497392C739FC45CB68
                        APIs
                        • GetParent.USER32(?), ref: 004505BF
                        • DefDlgProcW.USER32(?,00000138,?,?,004A83D8,?,004A83D8,?), ref: 00450610
                        • DefDlgProcW.USER32(?,00000133,?,?,004A83D8,?,004A83D8,?), ref: 0045065A
                        • DefDlgProcW.USER32(?,00000134,?,?,004A83D8,?,004A83D8,?), ref: 00450688
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Proc$Parent
                        • String ID:
                        • API String ID: 2351499541-0
                        • Opcode ID: 93bb19dea30658450b5dada9832e261aba4ffbe4fc891123e7e77a8d6405a749
                        • Instruction ID: e3e31f905615dd8bfbe674c7a91f48f64006a8638b4dc9b760805e547d05c650
                        • Opcode Fuzzy Hash: 93bb19dea30658450b5dada9832e261aba4ffbe4fc891123e7e77a8d6405a749
                        • Instruction Fuzzy Hash: 8C3128362411006BC2209B299C58DBB7B58EBC7336F14465BFA54832D3CB769826C768
                        APIs
                          • Part of subcall function 00438C85: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00438C95
                          • Part of subcall function 004021E0: _wcslen.LIBCMT ref: 004021F2
                        • SendMessageW.USER32(00000000,0000102C,00000000,00000002), ref: 00461420
                        • SendMessageW.USER32(00000000,0000102C,00000000,00000002), ref: 0046144F
                        • __itow.LIBCMT ref: 00461461
                        • __itow.LIBCMT ref: 004614AB
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$__itow$_wcslen
                        • String ID:
                        • API String ID: 2875217250-0
                        • Opcode ID: 347b44770508ca88cf5981266e998b528a2978f718c0dd2978777487f2c1d3f7
                        • Instruction ID: b65c482f8247f617b799fd724a7506577ebf884cdb52d0d4602b18db992df379
                        • Opcode Fuzzy Hash: 347b44770508ca88cf5981266e998b528a2978f718c0dd2978777487f2c1d3f7
                        • Instruction Fuzzy Hash: 3A213D7670031067D210BA169C86FAFB794EB94714F08443FFF44AB241EE69E94687EB
                        APIs
                        • _memset.LIBCMT ref: 0040E202
                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E2C7
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: IconNotifyShell__memset
                        • String ID:
                        • API String ID: 928536360-0
                        • Opcode ID: a8f79553875ba5cd412c6e6f6aef719f94b94a7ff7df26053db2d04cf48d3506
                        • Instruction ID: 9c6d99eda8392314e00a4319cd3b9f491a6d528882fc0aac3328a2d60ab56ec1
                        • Opcode Fuzzy Hash: a8f79553875ba5cd412c6e6f6aef719f94b94a7ff7df26053db2d04cf48d3506
                        • Instruction Fuzzy Hash: FC318170608701DFD320DF25D845B97BBF8BB45304F00486EE99A93380E778A958CF5A
                        APIs
                        • GetForegroundWindow.USER32 ref: 00472806
                          • Part of subcall function 00443EEF: GetWindowThreadProcessId.USER32(00000001,00000000), ref: 00443F11
                          • Part of subcall function 00443EEF: GetCurrentThreadId.KERNEL32 ref: 00443F18
                          • Part of subcall function 00443EEF: AttachThreadInput.USER32(00000000), ref: 00443F1F
                        • GetCaretPos.USER32(?), ref: 0047281A
                        • ClientToScreen.USER32(00000000,?), ref: 00472856
                        • GetForegroundWindow.USER32 ref: 0047285C
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                        • String ID:
                        • API String ID: 2759813231-0
                        • Opcode ID: f08c9821fa495b0e17bd1c697e1e5286648ea95901ecf1a9ceb1535147bec3ee
                        • Instruction ID: 38f02bd9b1f6bed34cfa7ce2d7f69328ba3456287a0ba45db7850a86b8391dd2
                        • Opcode Fuzzy Hash: f08c9821fa495b0e17bd1c697e1e5286648ea95901ecf1a9ceb1535147bec3ee
                        • Instruction Fuzzy Hash: FF2195716403056FE310EF65CC42F5BB7E8AF84708F144D2EF544AB282D6FAB9858795
                        APIs
                          • Part of subcall function 0046DD22: IsWindow.USER32(00000000), ref: 0046DD51
                        • GetWindowLongW.USER32(?,000000EC), ref: 0047728E
                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004772A9
                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 004772C0
                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001,?,?), ref: 004772D0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$Long$AttributesLayered
                        • String ID:
                        • API String ID: 2169480361-0
                        • Opcode ID: cf64f2ba38e7b8586118add57273b6dbf74680437e58013ae8f64db123384f26
                        • Instruction ID: faea1ea985e506ac999786301d765d91882fdca708237d94abe4bce3661c65f1
                        • Opcode Fuzzy Hash: cf64f2ba38e7b8586118add57273b6dbf74680437e58013ae8f64db123384f26
                        • Instruction Fuzzy Hash: 5F11B431205510ABD310FB29DD45F9BB798FF91720F10862EF455E72E2C7A8AC45C7A8
                        APIs
                        • SendMessageW.USER32 ref: 00448CB8
                        • GetWindowLongW.USER32(?,000000EC), ref: 00448CE0
                        • SendMessageW.USER32(?,0000104C,00000000,?), ref: 00448D19
                        • SendMessageW.USER32(?,0000102B,00000000,?), ref: 00448D62
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend$LongWindow
                        • String ID:
                        • API String ID: 312131281-0
                        • Opcode ID: 75ae646de43e531ea10203f5aba75cb55710deee3f48b72b110124c921b55059
                        • Instruction ID: 9d6bf2a2f0cb0d5184a29e15ea511504db1ac53b4253ca88fa0f688086887250
                        • Opcode Fuzzy Hash: 75ae646de43e531ea10203f5aba75cb55710deee3f48b72b110124c921b55059
                        • Instruction Fuzzy Hash: B12174715053019BF3208F18D98879FB7E4FBD5325F140B2EF594962D0DBB58449C796
                        APIs
                        • select.WSOCK32 ref: 0045890A
                        • __WSAFDIsSet.WSOCK32(00000000,00000000), ref: 00458919
                        • accept.WSOCK32(00000000,00000000,00000000,00000000,00000000), ref: 00458927
                        • WSAGetLastError.WSOCK32(00000000), ref: 00458952
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ErrorLastacceptselect
                        • String ID:
                        • API String ID: 385091864-0
                        • Opcode ID: abc1db9f2e63247cad6e2e0496bedee0f0acb9a353b4738024f17ecaf3b799d2
                        • Instruction ID: 93f38c3b8a65fd8a68e5265ae944391143789c71a4918893f245a539b4228a7d
                        • Opcode Fuzzy Hash: abc1db9f2e63247cad6e2e0496bedee0f0acb9a353b4738024f17ecaf3b799d2
                        • Instruction Fuzzy Hash: 1F2166712043019BD314EF29C842BABB7E5AFC4714F144A2EF994DB2C1DBB4A985CB99
                        APIs
                        • SendMessageW.USER32(?,000000B0,?,?), ref: 00438D6F
                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438D82
                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438D9A
                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00438DB4
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend
                        • String ID:
                        • API String ID: 3850602802-0
                        • Opcode ID: 265964968b448329a9940c71d90cafee1d95b27ec759889be900fe0a368f8aeb
                        • Instruction ID: 707762f1bc06eebb59e9357f9c77b20c0e090dcf7cedc03b298b4f863176c0ea
                        • Opcode Fuzzy Hash: 265964968b448329a9940c71d90cafee1d95b27ec759889be900fe0a368f8aeb
                        • Instruction Fuzzy Hash: 77113AB6204305AFD210EF58DC84F6BF7E8EBE8750F20491EF580D7290D6B1A8468BA1
                        APIs
                        • CreateWindowExW.USER32(?,?,?,FFFFFFFF,?,?,?,?,?,?,00400000,00000000), ref: 0043367E
                        • GetStockObject.GDI32(00000011), ref: 00433695
                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 0043369F
                        • ShowWindow.USER32(00000000,00000000), ref: 004336BA
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Window$CreateMessageObjectSendShowStock
                        • String ID:
                        • API String ID: 1358664141-0
                        • Opcode ID: a78582cd8c915fd270119012ff4eddf0033f410814d91724adacf9cac7d73a6b
                        • Instruction ID: 5bb77caae3378c1c36de35f78993aeb7f53e4fc0e9047450929301c31466c70f
                        • Opcode Fuzzy Hash: a78582cd8c915fd270119012ff4eddf0033f410814d91724adacf9cac7d73a6b
                        • Instruction Fuzzy Hash: 60114F72204A00BFD254DF55CC49F5BB3F9AFCCB01F20950DB254922A0D7B4E9418BA9
                        APIs
                        • GetCurrentThreadId.KERNEL32 ref: 004441B8
                        • MessageBoxW.USER32(?,?,?,?), ref: 004441F6
                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 0044420C
                        • CloseHandle.KERNEL32(00000000), ref: 00444213
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                        • String ID:
                        • API String ID: 2880819207-0
                        • Opcode ID: 146d2f4ba151d14deb3aa3acfdd6de045567f86e28c98b22242e1e1489ea4094
                        • Instruction ID: a177bb78e812b0c83f085b16f259857c8a511f23e32e5024349264f8b0df3d09
                        • Opcode Fuzzy Hash: 146d2f4ba151d14deb3aa3acfdd6de045567f86e28c98b22242e1e1489ea4094
                        • Instruction Fuzzy Hash: C401E5364183105BD300DB28ED08A9BBBD8BFD9721F18067EF89893351E6B48948C7B6
                        APIs
                        • GetWindowRect.USER32(?,?), ref: 00434037
                        • ScreenToClient.USER32(?,?), ref: 0043405B
                        • ScreenToClient.USER32(?,?), ref: 00434085
                        • InvalidateRect.USER32(?,?,?), ref: 004340A4
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ClientRectScreen$InvalidateWindow
                        • String ID:
                        • API String ID: 357397906-0
                        • Opcode ID: 751e48bbdad3fa965b56aea51b9fa4e55de6b4169d4940aca7a3583b508516de
                        • Instruction ID: 02545dd0d615a745195cb6f618e51c1f9c2552a202a2369b8695847d2ce6fb2f
                        • Opcode Fuzzy Hash: 751e48bbdad3fa965b56aea51b9fa4e55de6b4169d4940aca7a3583b508516de
                        • Instruction Fuzzy Hash: 24117EB9608302AFC304DF18D98095BBBE9FFD8650F10891EF88993350D770E9498BA2
                        APIs
                        • __wsplitpath.LIBCMT ref: 00436A45
                          • Part of subcall function 00413DB0: __wsplitpath_helper.LIBCMT ref: 00413DF2
                        • __wsplitpath.LIBCMT ref: 00436A6C
                        • __wcsicoll.LIBCMT ref: 00436A93
                        • __wcsicoll.LIBCMT ref: 00436AB0
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
                        • String ID:
                        • API String ID: 1187119602-0
                        • Opcode ID: 5b78189461bd351535feab14c2aa3b28919a840a222a6c91b90152b853837e7b
                        • Instruction ID: cc447ddabc085245cf6c6bda96777749177fc915bba42f20b5b260b799017f3a
                        • Opcode Fuzzy Hash: 5b78189461bd351535feab14c2aa3b28919a840a222a6c91b90152b853837e7b
                        • Instruction Fuzzy Hash: 690165B64043416BD724EB50D881EEBB3ED7BD8304F04C91EB5C982041FB38D24C87A6
                        APIs
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _wcslen$_malloc_wcscat_wcscpy
                        • String ID:
                        • API String ID: 1597257046-0
                        • Opcode ID: ef4c8eb1668fb764ac9879486c39433899b48e1b70f0ed706df85b8b39ec7f0c
                        • Instruction ID: 9df5ee2dcc5f1a759a9cde70f7b42babd8a8bdcc369222b22224423102f690bd
                        • Opcode Fuzzy Hash: ef4c8eb1668fb764ac9879486c39433899b48e1b70f0ed706df85b8b39ec7f0c
                        • Instruction Fuzzy Hash: BFF06D32200200AFC314EB66C885E6BB3EAEBC5324F04852EF556C7791DB39F841C764
                        APIs
                        • DeleteObject.GDI32(?), ref: 0045564E
                        • DeleteObject.GDI32(?), ref: 0045565C
                        • DestroyIcon.USER32(?,?,?,?,?), ref: 0045566A
                        • DestroyWindow.USER32(?,?,?,?,?), ref: 00455678
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: DeleteDestroyObject$IconWindow
                        • String ID:
                        • API String ID: 3349847261-0
                        • Opcode ID: 3ca9d014447a04aedc0dfd8276f5a6e9fbff97cfd7386ed498fa31ba53dce0fe
                        • Instruction ID: 3a9029eb8e47786e7dec82746d504bb216afab776d143f23dce7b1a7602128e4
                        • Opcode Fuzzy Hash: 3ca9d014447a04aedc0dfd8276f5a6e9fbff97cfd7386ed498fa31ba53dce0fe
                        • Instruction Fuzzy Hash: 06F03C702006419BDB20AF65DDD8A2B77ACEF45322740456AFD04D7242DB28DC498B7D
                        APIs
                        • EnterCriticalSection.KERNEL32(?), ref: 0044B60B
                        • InterlockedExchange.KERNEL32(?,?), ref: 0044B619
                        • LeaveCriticalSection.KERNEL32(?), ref: 0044B630
                        • LeaveCriticalSection.KERNEL32(?), ref: 0044B641
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                        • String ID:
                        • API String ID: 2223660684-0
                        • Opcode ID: ff66e887f7cbb15f4500d5b6eb7e85b0bae77af45fe5867796c74117f3ed7197
                        • Instruction ID: 8f2921e390180aa9c6083979f061463a0462abb68b72a76a452ff5fd2bc04521
                        • Opcode Fuzzy Hash: ff66e887f7cbb15f4500d5b6eb7e85b0bae77af45fe5867796c74117f3ed7197
                        • Instruction Fuzzy Hash: 35F08C362422019F82249B59EA488DBB3FDEBE97213009C2FE142C32108BB5F806CB75
                        APIs
                          • Part of subcall function 0044710F: DeleteObject.GDI32(00000000), ref: 00447151
                          • Part of subcall function 0044710F: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,00000000,?,?,?), ref: 00447195
                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471A2
                          • Part of subcall function 0044710F: BeginPath.GDI32(?), ref: 004471B7
                          • Part of subcall function 0044710F: SelectObject.GDI32(?,00000000), ref: 004471DC
                        • MoveToEx.GDI32(?,?,00000000,00000000), ref: 0044728F
                        • LineTo.GDI32(?,00000000,00000002), ref: 004472A0
                        • EndPath.GDI32(?), ref: 004472B0
                        • StrokePath.GDI32(?), ref: 004472BE
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
                        • String ID:
                        • API String ID: 2783949968-0
                        • Opcode ID: 09270453bc364e96d12f6c3f9be453f1264e71f62e0889bc66601f12e66ee767
                        • Instruction ID: 15f667079dd022c0076d5117e5ffb33549464faf874781034dcdd6a9c0a79bb3
                        • Opcode Fuzzy Hash: 09270453bc364e96d12f6c3f9be453f1264e71f62e0889bc66601f12e66ee767
                        • Instruction Fuzzy Hash: 46F09030109361BFE211DB10DC0AF9F3B98AB46310F10490CF641622D2C7B46845C7BA
                        APIs
                        • __getptd.LIBCMT ref: 00417D1A
                          • Part of subcall function 00416C72: __getptd_noexit.LIBCMT ref: 00416C75
                          • Part of subcall function 00416C72: __amsg_exit.LIBCMT ref: 00416C82
                        • __getptd.LIBCMT ref: 00417D31
                        • __amsg_exit.LIBCMT ref: 00417D3F
                        • __lock.LIBCMT ref: 00417D4F
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                        • String ID:
                        • API String ID: 3521780317-0
                        • Opcode ID: 6e88b35b2b81098ca19d257f076875e832caf49443e3c23eeee739354b537ff9
                        • Instruction ID: 784cd6646040312d8c3929352b57c791f513dbd9ce30c249d09a92555f0e5bc7
                        • Opcode Fuzzy Hash: 6e88b35b2b81098ca19d257f076875e832caf49443e3c23eeee739354b537ff9
                        • Instruction Fuzzy Hash: D4F06D319447089AD720FB66E4067EA32B0AF01728F11856FA4415B7D2DB3C99C08B9E
                        APIs
                        • GetDesktopWindow.USER32 ref: 00471144
                        • GetDC.USER32(00000000), ref: 0047114D
                        • GetDeviceCaps.GDI32(00000000,00000074), ref: 0047115A
                        • ReleaseDC.USER32(00000000,?), ref: 0047117B
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CapsDesktopDeviceReleaseWindow
                        • String ID:
                        • API String ID: 2889604237-0
                        • Opcode ID: 949280357db84fa49407f8095e759b2e277f1c53a9819964645a6bf04a6d26c7
                        • Instruction ID: a1da8b046b56c0024f4e51319ca7c868ce9b42ab557c4db2e47d6af70bf9fcef
                        • Opcode Fuzzy Hash: 949280357db84fa49407f8095e759b2e277f1c53a9819964645a6bf04a6d26c7
                        • Instruction Fuzzy Hash: 75F05E759042009FC310DF65DC4856EBBA4FB94351F108C3EFD05D2251DB7889059B99
                        APIs
                        • GetDesktopWindow.USER32 ref: 00471102
                        • GetDC.USER32(00000000), ref: 0047110B
                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00471118
                        • ReleaseDC.USER32(00000000,?), ref: 00471139
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CapsDesktopDeviceReleaseWindow
                        • String ID:
                        • API String ID: 2889604237-0
                        • Opcode ID: 179ddf2500a9669b2282ba4880ad99879b6dd87bde84ab61e923a9eee80713d7
                        • Instruction ID: 5204c471e266b2ed5cdb435334cd6f206910ee07043e0bb223494c3f632f6575
                        • Opcode Fuzzy Hash: 179ddf2500a9669b2282ba4880ad99879b6dd87bde84ab61e923a9eee80713d7
                        • Instruction Fuzzy Hash: 78F05E759042009FD310EF65DC5896EBBA4FB94351F104C3EFC05D2251DB7489059B99
                        APIs
                        • SendMessageTimeoutW.USER32(00000001,00000000,00000000,00000000,00000002,00001388,004848E8), ref: 004389C0
                        • GetWindowThreadProcessId.USER32(00000001,00000000), ref: 004389D3
                        • GetCurrentThreadId.KERNEL32 ref: 004389DA
                        • AttachThreadInput.USER32(00000000), ref: 004389E1
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                        • String ID:
                        • API String ID: 2710830443-0
                        • Opcode ID: fc668e8f88677791c9032932ff1b39d21009c78d2dca35edbf1b20bb29ea35ff
                        • Instruction ID: 438da6915ae72ab6a15f098678a9856147cbf2dc0a85cf0a700465948addd5b0
                        • Opcode Fuzzy Hash: fc668e8f88677791c9032932ff1b39d21009c78d2dca35edbf1b20bb29ea35ff
                        • Instruction Fuzzy Hash: 14E012712853107BE72157509D0EFAF7B98AF18B11F14481EB241B50D0DAF8A941876E
                        APIs
                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004390CD
                        • UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 004390DB
                        • CloseHandle.KERNEL32(?,?,000000FF), ref: 004390EB
                        • CloseHandle.KERNEL32(?,?,000000FF), ref: 004390F0
                          • Part of subcall function 00438FB6: GetProcessHeap.KERNEL32(00000000,?,00439504,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00438FC1
                          • Part of subcall function 00438FB6: HeapFree.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00438FC8
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                        • String ID:
                        • API String ID: 146765662-0
                        • Opcode ID: 7cdfdd2e005e28f5438e9d3b399fcd684928161159dd652c77b09849c549b5d2
                        • Instruction ID: e19b07cb6d87eea3d85dfea562759309df1919ba68b29a0146d7a5ec0ea3c710
                        • Opcode Fuzzy Hash: 7cdfdd2e005e28f5438e9d3b399fcd684928161159dd652c77b09849c549b5d2
                        • Instruction Fuzzy Hash: 5DE0C976504311ABC620EB65DC48C4BB7E9EF883303114E1DF89693260CA74E881CB65
                        APIs
                        • __IsNonwritableInCurrentImage.LIBCMT ref: 00414070
                          • Part of subcall function 00418540: __FindPESection.LIBCMT ref: 0041859B
                        • __getptd_noexit.LIBCMT ref: 00414080
                        • __freeptd.LIBCMT ref: 0041408A
                        • ExitThread.KERNEL32 ref: 00414093
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CurrentExitFindImageNonwritableSectionThread__freeptd__getptd_noexit
                        • String ID:
                        • API String ID: 3182216644-0
                        • Opcode ID: 18f79961a183a005566c851b5a75566c8a37b9a59448809cc1b4ea10e33ea091
                        • Instruction ID: 8c1b811a677bc0208766d104aadce1409d27245c16b3af4a320e27a455eae914
                        • Opcode Fuzzy Hash: 18f79961a183a005566c851b5a75566c8a37b9a59448809cc1b4ea10e33ea091
                        • Instruction Fuzzy Hash: F8D0EC7051024256D6207BA7ED097AA3A589B44B26B15446EA905801B1DF68D9C1862D
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: BuffCharLower
                        • String ID: $8'I
                        • API String ID: 2358735015-3608026889
                        • Opcode ID: e3039598ad07eb1683e22d1e13845cc1c6bfaba1fe80df618d976ecbdfba683b
                        • Instruction ID: 1bf34105e022c250dd7240f1ea7ec4803edb57b208c13e69c3fb06210d7c4844
                        • Opcode Fuzzy Hash: e3039598ad07eb1683e22d1e13845cc1c6bfaba1fe80df618d976ecbdfba683b
                        • Instruction Fuzzy Hash: 9FE1AE745043018BCB24EF16D88166BB7E4BF94348F40482FF88597292EB79DD89CB9B
                        APIs
                        • OleSetContainedObject.OLE32(00000000,00000001), ref: 0047857A
                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                          • Part of subcall function 00445513: OleSetContainedObject.OLE32(?,00000000), ref: 00445593
                          • Part of subcall function 004781AE: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000001,00000000,NULL Pointer assignment,00000001), ref: 00478201
                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(?,?), ref: 00478259
                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000058,?), ref: 00478270
                          • Part of subcall function 004781AE: VariantCopy.OLEAUT32(-00000078,?), ref: 00478287
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: CopyVariant$ContainedObject$ErrorLast_malloc
                        • String ID: AutoIt3GUI$Container
                        • API String ID: 3380330463-3941886329
                        • Opcode ID: a9ff7069b9b8d6ccd49eba872ad7efd2467de888f1098c4430e935d21ee713db
                        • Instruction ID: 8a51a4197b359b89da059ec4b883cd23719ad159cb4f439b8c2c8f5fea4c1b32
                        • Opcode Fuzzy Hash: a9ff7069b9b8d6ccd49eba872ad7efd2467de888f1098c4430e935d21ee713db
                        • Instruction Fuzzy Hash: FEA16A71240601AFC760EF69C880A6BB7E9FB88304F10892EF649CB361EB75E945CB55
                        APIs
                        • _wcslen.LIBCMT ref: 00409A61
                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                          • Part of subcall function 0041171A: std::bad_alloc::bad_alloc.LIBCMT ref: 00411757
                          • Part of subcall function 0041171A: std::bad_exception::bad_exception.LIBCMT ref: 0041176B
                          • Part of subcall function 0041171A: __CxxThrowException@8.LIBCMT ref: 00411779
                        • CharUpperBuffW.USER32(?,?), ref: 00409AF5
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: BuffCharException@8ThrowUpper_malloc_wcslenstd::bad_alloc::bad_allocstd::bad_exception::bad_exception
                        • String ID: 0vH
                        • API String ID: 1143807570-3662162768
                        • Opcode ID: 06636c051a656e0db8e48e9a81f0f7daa77b956eb8708b24b717754a54bb628e
                        • Instruction ID: 5e67718e4417cbef977f4cc7974cb0b4b39b480e5382bb1977b3cac956c07efc
                        • Opcode Fuzzy Hash: 06636c051a656e0db8e48e9a81f0f7daa77b956eb8708b24b717754a54bb628e
                        • Instruction Fuzzy Hash: 53515BB1A083009FC718CF18C48065BB7E1FF88314F54856EF9999B391D779E942CB96
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID: HH$HH
                        • API String ID: 0-1787419579
                        • Opcode ID: 7546cf6663fec2d41e0be28018c51c43d88dc93244b488606bcda1ed75612bc1
                        • Instruction ID: b2aab3850ea6996be17d3b26b1a0d96f4757dd5de2ef7d298d9c2790e2b3b10f
                        • Opcode Fuzzy Hash: 7546cf6663fec2d41e0be28018c51c43d88dc93244b488606bcda1ed75612bc1
                        • Instruction Fuzzy Hash: 1241BF367042009FC310EF69E881F5AF3A1EF99314F548A6EFA589B381D776E811CB95
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: InfoItemMenu_memset
                        • String ID: 0
                        • API String ID: 2223754486-4108050209
                        • Opcode ID: 38f09aa922346eb88559bb972c0ed36bedb4057ad35cf6b519ccfeef0a85981d
                        • Instruction ID: 143d79469fb3e570aa9bb1e7a79db7ad77638f8ab3c2e89d41e08a42c99b444e
                        • Opcode Fuzzy Hash: 38f09aa922346eb88559bb972c0ed36bedb4057ad35cf6b519ccfeef0a85981d
                        • Instruction Fuzzy Hash: CB3101721043009BF3249F18DC85BABBBE4EBC6310F14081FFA90C62A0E379D949C75A
                        APIs
                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 0044846C
                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044847E
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend
                        • String ID: '
                        • API String ID: 3850602802-1997036262
                        • Opcode ID: 40c115dbe3bb232f42185e8835a3c48b8da925c0788aed463fb6e16a301179a8
                        • Instruction ID: cecdca06d5aa7ecc7109d5e1ff25192cbd540bafe2d1ef24ff7c1b98f096cb5f
                        • Opcode Fuzzy Hash: 40c115dbe3bb232f42185e8835a3c48b8da925c0788aed463fb6e16a301179a8
                        • Instruction Fuzzy Hash: 984179706083459FE710CF18C880BABB7E1FB89700F54882EF9888B351DB75A841CF5A
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID:
                        • String ID: 0
                        • API String ID: 0-4108050209
                        • Opcode ID: b6c602b1dd263d2c99a5ec9127bd928e029cd45f71d746a48c0c49a5726287e2
                        • Instruction ID: 268d240ecd79f719a1425e83c09d650ed443e1bf0ac8ef4f8d51517adc50c1d2
                        • Opcode Fuzzy Hash: b6c602b1dd263d2c99a5ec9127bd928e029cd45f71d746a48c0c49a5726287e2
                        • Instruction Fuzzy Hash: B6210D765042206BEB15DF08D844B97B7A4FBDA310F44492BEE9897250D379E848C7AA
                        APIs
                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00451305
                        • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00451313
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend
                        • String ID: Combobox
                        • API String ID: 3850602802-2096851135
                        • Opcode ID: 0499e5d8541f4f9e55005c4c3969ca7e279e19a534152943b96dd4c6f47caa3c
                        • Instruction ID: f266216a818347eeb58d59163185d0479ace604409515c443b0f4894c7ad90f2
                        • Opcode Fuzzy Hash: 0499e5d8541f4f9e55005c4c3969ca7e279e19a534152943b96dd4c6f47caa3c
                        • Instruction Fuzzy Hash: D9110A72A0430067E6109AA4DC80F5BB3D8EB99735F10071BFA24E72E1D774FC448768
                        APIs
                        • GetWindowTextLengthW.USER32(00000000), ref: 004515DA
                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 004515EA
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: LengthMessageSendTextWindow
                        • String ID: edit
                        • API String ID: 2978978980-2167791130
                        • Opcode ID: 255065f22875c24af3de74cb0bd99753dbe1335258aa39c92c973eb9156a9169
                        • Instruction ID: b80de1f22085cd2d24dcce0fe83431d10f7d2aff66e66183492c5b70af3c9e13
                        • Opcode Fuzzy Hash: 255065f22875c24af3de74cb0bd99753dbe1335258aa39c92c973eb9156a9169
                        • Instruction Fuzzy Hash: 2011E4716003006BD6109A64D884F6BB3DCEBD8335F104B1EFA61D32E1D779EC458729
                        APIs
                        • Sleep.KERNEL32(00000000), ref: 00474833
                        • GlobalMemoryStatusEx.KERNEL32 ref: 00474846
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: GlobalMemorySleepStatus
                        • String ID: @
                        • API String ID: 2783356886-2766056989
                        • Opcode ID: 6b539aa5d60aaa410447b6e5f9627e9a7b549f395ce9a021d490b3e8c5b2361e
                        • Instruction ID: 41c327e25453105c4ca6c880754d33c67e761007402a238c65fd2e715fefe222
                        • Opcode Fuzzy Hash: 6b539aa5d60aaa410447b6e5f9627e9a7b549f395ce9a021d490b3e8c5b2361e
                        • Instruction Fuzzy Hash: 4421C230929A14B7C2107F6ABD4BB5E7BB8AF44716F008C5DF5C562094DF785268836F
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: htonsinet_addr
                        • String ID: 255.255.255.255
                        • API String ID: 3832099526-2422070025
                        • Opcode ID: 8f81358a7508e033a1ccca041802c5cf6ea433113977ffec7d790c03bda6a3ba
                        • Instruction ID: e3b5e028fda38c0aed97ec3d425ece65e45bc088e5f3683a6f0e3ee8de0e9224
                        • Opcode Fuzzy Hash: 8f81358a7508e033a1ccca041802c5cf6ea433113977ffec7d790c03bda6a3ba
                        • Instruction Fuzzy Hash: 6F11253620030057DA10EB69C882F9BB394EFC4728F00896BFA105B283D679F45A832E
                        APIs
                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                        • SendMessageW.USER32(00000000,000001A2,000000FF,00000000), ref: 00469547
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend_wcslen
                        • String ID: ComboBox$ListBox
                        • API String ID: 455545452-1403004172
                        • Opcode ID: 19b239a33d6ccea3c1be09f9a3ff48f3ef4fb117e78275193105084191351ab7
                        • Instruction ID: d7878a024921556205560296ec06e6abf53b779169672b4943ab7ad66f70e2c7
                        • Opcode Fuzzy Hash: 19b239a33d6ccea3c1be09f9a3ff48f3ef4fb117e78275193105084191351ab7
                        • Instruction Fuzzy Hash: 2601D6327011106B8600BB299C019AFB39DDBC2370F544A2FF965573D1EA39AC0E476A
                        APIs
                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00442B8C
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: InternetOpen
                        • String ID: <local>
                        • API String ID: 2038078732-4266983199
                        • Opcode ID: 6ab628e9b643b7f337e7eb9a1eb164a667740d16f62f34970bb7649561c47b18
                        • Instruction ID: 525aca290fb55aeb65c4bf55ca0deee88c9418ef2a1db54778758d1eb2e06c8a
                        • Opcode Fuzzy Hash: 6ab628e9b643b7f337e7eb9a1eb164a667740d16f62f34970bb7649561c47b18
                        • Instruction Fuzzy Hash: 9011A934144751AAF621DF108D86FB77794FB50B01F50480FF9866B2C0D6F4B848C766
                        APIs
                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                        • SendMessageW.USER32(00000000,00000180,00000000,00000000), ref: 00469660
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend_wcslen
                        • String ID: ComboBox$ListBox
                        • API String ID: 455545452-1403004172
                        • Opcode ID: 9c387d355752c609e3ec3b71bdfa1ce54c6356e755a59a855018ee08606d8eab
                        • Instruction ID: 486d2595d5a7427da4a9c048e684990a8dc9cac685a8154682435d05c4426571
                        • Opcode Fuzzy Hash: 9c387d355752c609e3ec3b71bdfa1ce54c6356e755a59a855018ee08606d8eab
                        • Instruction Fuzzy Hash: A101D87274121027C600BA259C01AEBB39CEB96354F04443BF94597291EA6DED0E43AA
                        APIs
                          • Part of subcall function 00401B70: _wcslen.LIBCMT ref: 00401B71
                        • SendMessageW.USER32(00000182,00000182,?,00000000), ref: 004695D6
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend_wcslen
                        • String ID: ComboBox$ListBox
                        • API String ID: 455545452-1403004172
                        • Opcode ID: ebc0188a5584a95c85a0cdadc4297c14a5cc600b4744d97cee4f9a5f6612b8f9
                        • Instruction ID: 72d13aeac174e9c1a3a177398698555a642000804846b33da1492f44d6438514
                        • Opcode Fuzzy Hash: ebc0188a5584a95c85a0cdadc4297c14a5cc600b4744d97cee4f9a5f6612b8f9
                        • Instruction Fuzzy Hash: 4D01A77374111067C610BA6A9C01AEB739CABD2364F44443BF94597292EA7DED0E43AA
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _strncmp
                        • String ID: ,$UTF8)
                        • API String ID: 909875538-2632631837
                        • Opcode ID: 727c7c5760fb27673dbb24875b26f121239a8201232c39922ad2fa80f7f85d54
                        • Instruction ID: 35c0b5e4e6bd282640ba12729024cfd3588da47ca1ed1c49f01331a057b7ec9b
                        • Opcode Fuzzy Hash: 727c7c5760fb27673dbb24875b26f121239a8201232c39922ad2fa80f7f85d54
                        • Instruction Fuzzy Hash: 7601B575A083805BE720DE20CC85BA773A1AB81319F58492ED8D5872A1F73DD449C75B
                        APIs
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: _strncmp
                        • String ID: ,$UTF8)
                        • API String ID: 909875538-2632631837
                        • Opcode ID: abd9c85c193eb76a615b38e8260140970f327620044c052ec7ea970ca86f7e2a
                        • Instruction ID: b3c6803870d1b21283bf32431af321d4190ac902c568a1d8b2e557ddf245ca97
                        • Opcode Fuzzy Hash: abd9c85c193eb76a615b38e8260140970f327620044c052ec7ea970ca86f7e2a
                        • Instruction Fuzzy Hash: 1E01D875A043805BE720DE20CC85B6773A19B4131AF68492FD8D6872A1F73DD449C75B
                        APIs
                        • SendMessageW.USER32(?,00001001,00000000,?), ref: 004560BA
                          • Part of subcall function 0041171A: _malloc.LIBCMT ref: 00411734
                        • wsprintfW.USER32 ref: 004560E9
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: MessageSend_mallocwsprintf
                        • String ID: %d/%02d/%02d
                        • API String ID: 1262938277-328681919
                        • Opcode ID: dc5fd9a877cd0fc352ed6de9b5f97ee6fb2dcbb154e3a48ad4a1e49fbb654ae8
                        • Instruction ID: 2a73c44ac592e0fe880a68d863bd42ca8887a008949f121bccc13d44bcf2ebb3
                        • Opcode Fuzzy Hash: dc5fd9a877cd0fc352ed6de9b5f97ee6fb2dcbb154e3a48ad4a1e49fbb654ae8
                        • Instruction Fuzzy Hash: 13F08272744220A7E2105BA5AC01BBFB3D4EB84762F10443BFE44D12C0E66E8455D7BA
                        APIs
                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0044226C
                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0044227F
                          • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: FindMessagePostSleepWindow
                        • String ID: Shell_TrayWnd
                        • API String ID: 529655941-2988720461
                        • Opcode ID: 62d1e1a02585172d548c808ed695c1d9d3028cc69dace886715b1b3d1423c17e
                        • Instruction ID: f0ed9326d30a696a9ade51716a531e8bd1705000bbe21894ac7a57cb5589152b
                        • Opcode Fuzzy Hash: 62d1e1a02585172d548c808ed695c1d9d3028cc69dace886715b1b3d1423c17e
                        • Instruction Fuzzy Hash: 71D0A772F8130177E92077706D0FFCB26246F14710F010C3AB305AA1C0D4E8D440C358
                        APIs
                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00442240
                        • PostMessageW.USER32(00000000), ref: 00442247
                          • Part of subcall function 00436272: Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,0044269D,0000000A), ref: 00436287
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: FindMessagePostSleepWindow
                        • String ID: Shell_TrayWnd
                        • API String ID: 529655941-2988720461
                        • Opcode ID: d3682f88803cb2a3efb7847c83fab5a73234bf1983908037f6894d5424c159e3
                        • Instruction ID: d1e5b9be119239975405e397b0c0efdc35250005003305bf123d4268f2ecb06f
                        • Opcode Fuzzy Hash: d3682f88803cb2a3efb7847c83fab5a73234bf1983908037f6894d5424c159e3
                        • Instruction Fuzzy Hash: 4DD05E72B813013BE92076706D0FF8B26246B14710F010C2AB205AA1C0D4E8A4408358
                        APIs
                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00439522
                          • Part of subcall function 00411A1F: _doexit.LIBCMT ref: 00411A2B
                        Strings
                        Memory Dump Source
                        • Source File: 00000000.00000002.2262992097.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                        • Associated: 00000000.00000002.2262978923.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263066135.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263081159.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                        • Associated: 00000000.00000002.2263110228.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                        Joe Sandbox IDA Plugin
                        • Snapshot File: hcaresult_0_2_400000_Aviso de cuenta vencida de DHL - 1606622076_86576432567897664542354656.jbxd
                        Similarity
                        • API ID: Message_doexit
                        • String ID: AutoIt$Error allocating memory.
                        • API String ID: 1993061046-4017498283
                        • Opcode ID: 98c4a6cf209f69c689245cd57ea7e643062e7ce984d6ae84015e6f4dd77dfbd0
                        • Instruction ID: 5d68346425d2699d55792fe39b85c2381918ba1f955abba655776c5540820644
                        • Opcode Fuzzy Hash: 98c4a6cf209f69c689245cd57ea7e643062e7ce984d6ae84015e6f4dd77dfbd0
                        • Instruction Fuzzy Hash: 82B092343C038627E20437A01C0BF8C28049B64F42F220C2AB308384D259D90080231E